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Your details 


Your details 


Title 
Mrs 


First name 
tshingombe 


Surname 
tshitadi 


Company name 
engineering tshingombe 


Email address 
tshingombefiston@gmail.com 


Phone number 
0725298946 


Your request 


Your request 


Select the option that most applies to you 
Ask us a question about using the Met’s IP 


Details of your enquiry 
Gmail tshingombe fiston Tshingombe, you forgot something tshingombe fiston Tue, Jul 9, 2024 at 2:00 PM To: Tableau Software , tshingombe fiston , 
TSHINGOMBEKB TSHITADI tshingombeassessent.pdf 03-Jul-2024 12:50 358.8K tshingombeassessent.pdf.docx 03-Jul-2024 12:51 337.1K winzip27-p003.exe 03- 
Jul-2024 12:51 2.8M work sale tshingomb assesmen.pdf 03-Jul-2024 12:51 497.5K work sale tshingomb assesmen.pdf action esse tshingombe.pdf 03-Jul-2024 
12:51 268.6K work sale traffic to view assessment tshingombe.pdf 03-Jul-2024 12:51 362.4K worksale assess pipe asstshingombe.pdf 03-Jul-2024 12:51 429.3K 
worksale data certie assessment,.pdf 03-Jul-2024 12:51 351.1K worsales force , assessment tshingomb.pdf 03-Jul-2024 12:51 595.5K 
https://analytics.archive.org/0.gif?kind=track_js&track_js_case=control&cache_bust=880193227Why Tableau --------- Products ---:--:++++++: Solutions - - - - 
***Resources* +++ sss tree see ees Partners - Pricing Try Now Search Home My Activity Forums Ideas Groups - - Get Started - Blogs - 
https://community.tableau.com/profilephoto/005/T tshingombe tshitadi Member Name tshingombe tshitadi Location Email tshingombefiston@gmail.com Phone 
Nickname tshingombe.tshitadi Pronouns About Me Address Tableau Public Profile Twitter Handle LinkedIn Profile URL Website Company Name Company 
Website Industry Company Phone Number Title Johannesburg Company City Department Company State Job Function Company Zip Code Company Country 
Product Expertise User Role Last Login 7/4/2024 1:52 AM Created By https://community.tableau.com/img/userprofile/default_profile_45_v2.pngEA Deployment 
User , 7/4/2024 1:52 AM Feed Signature Setting Enable Feed Signature - - - Bell Notification Settings A User you follow asks a Question A User you follow replies 
to a Question A User you follow posts a Blog A User you follow creates a Product Idea Please note, only updates to your Name and Title will be reflected in your 
Tableau Profile. If you experiencing problems updating your profile, please contact support at community@tableau.com Community Activity Bookmarks User 
Blogs Post Sort by: Skip Feed Well tshingombe tshitadi's rather quiet Post something, run a poll, or ask a question to get the conversation started. End of Feed 
Well tshingombe tshitadi's rather quietPost something, run a poll, or ask a question to get the conversation started. 
https://community.tableau.com/profilephoto/005/F User Stats Data NewbieData Newbie (1 point) Following 0 Followers 0 Posts 0 Comments 0 Likes Received 0 
Recognition Badges Files Drop Files Or drop files Groups Followers Following Getting Started First Time Here Forum Guidelines Code of Conduct Advertising 
Policy Explore ForumsView All Topics Tableau Desktop & Web Authoring Tableau Prep Tableau Mobile Tableau Public Tableau Server Tableau Cloud Data & 
Connectivity Calculations Dates & Times Formatting Accessibility Server Admin Security & Permissions Authentication Backup & Restore Installations & 
Upgrades Developers & APIs Licensing Mapping eLearning & Training Tableau Certifications - Find User Group boards - Blogs - Leaderboard - Ideas - My Activity 
System Status Blog Developer Contact Us Legal Privacy Uninstall Cookie Preferences Your Privacy Choices LinkedIn Facebook Twitter ©2024 Salesforce, Inc. 
Go home 's Avatar My Profile FAQ Sign Out Understanding Variation for Wise Comparisons 1 of 1 lessons completed (100%) Understanding Variation for Wise 
Comparisons Curriculum Course Overview Understanding Variation for Wise Comparisons Great job! Ready for more? optional About this course © 2024 
Tableau Terms & Conditions FAQ Tableau Community Forums Support https://www.salesforce.com/content/dam/web/global/svg-icons/icon-cpra.svgYour Privacy 
Choices powered by Skilljar Go home 's Avatar My Profile FAQ Sign Out Using Correlation and Regression to Examine Relationships 1 of 1 lessons completed 
(100%) Using Correlation and Regression to Examine Relationships Curriculum Course Overview Using Correlation and Regression to Examine Relationships 
You did it! Time to share your skills! optional About this course © 2024 Tableau Terms & Conditions FAQ Tableau Community Forums Support 
https://www.salesforce.com/content/dam/web/global/svg-icons/icon-cpra.svgYour Privacy Choices powered by Skilljar Go home 's Avatar Sign Out My Profile 's 
Avatar Done For best results, use a square image tshingombefiston@gmail.com Registrations Title Enrolled Status Completed Certificate completed Expiration 
Certificate expiration Receive notifications Understanding Distributions 2024-Jul-04 Not complete -- -- -- -- Understanding Variation for Wise Comparisons 2024- 
Jul-04 Completed 2024-Jul-04 -- -- -- Using Correlation and Regression to Examine Relationships 2024-Jul-04 Completed 2024-Jul-04 -- -- -- Done © 2024 Tableau 
Terms & Conditions FAQ Tableau Community Forums Support https://www.salesforce.com/content/dam/web/global/svg-icons/icon-cpra.svgYour Privacy Choices 
powered by Skilljar Skip to content https://policecareers.tal.net/SAN/live/bespoke/system/427/88de8d7e-f7 7f-4e90-94a6-4ca187376cc6/css/brand/3/img/logo.gif 
Back to Metropolitan Police Service Home Internal Vacancies Internal Promotions Internal Events Help Centre Your Applications: Applications Title Status Action 
Volunteer Police Cadet Leader Application Update ReviewVolunteer Police Cadet Leader Vehicle Replacement Programme Manager - Band D - Counter Terrorism 
Policing HQ Application Update ReviewVehicle Replacement Programme Manager - Band D - Counter Terrorism Policing HQ Travel Services — Band C Service 
Delivery Manager Application Update ReviewTravel Services — Band C Service Delivery Manager Thamesmead Recruitment Event Registration Update 
ReviewThamesmead Recruitment Event Technical Training Manager - Technology CSC - Counter Terrorism Policing HQ Application Update ReviewTechnical 
Training Manager - Technology CSC - Counter Terrorism Policing HQ Technical Training Manager - Technology CSC - Counter Terrorism Policing HQ Application 
Update ReviewTechnical Training Manager - Technology CSC - Counter Terrorism Policing HQ Technical Support Operative Application Update ReviewTechnical 
Support Operative Substantive Detective Inspector - DPS Specialist investigations Application Update ReviewSubstantive Detective Inspector - DPS Specialist 
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investigations Student Placement - Programme Support Officer — Real Estate Development, Property Services Department 2024/2025 Application Update 
ReviewStudent Placement - Programme Support Officer — Real Estate Development, Property Services Department 2024/2025 Student Placement - Estate and 
Asset Management Placement Student — Real Estate Management, Property Services Department 2024/2025 Application Update ReviewStudent Placement - 
Estate and Asset Management Placement Student — Real Estate Management, Property Services Department 2024/2025 Student Placement - Construction and 
Building Engineering Services - Real Estate Development , Property Services Department 2024/2025 Application Update ReviewStudent Placement - 
Construction and Building Engineering Services - Real Estate Development , Property Services Department 2024/2025 Staff Officer to Director of Intelligence & 
Covert Policing Application Update ReviewStaff Officer to Director of Intelligence & Covert Policing Specialist Operations Recovery Manager Application Update 
ReviewSpecialist Operations Recovery Manager Senior Server Engineer - Counter Terrorism Policing HQ Application Update ReviewSenior Server Engineer - 
Counter Terrorism Policing HQ Senior Safety Advisor First Aid Application Update ReviewSenior Safety Advisor First Aid Senior Project Manager Application 
Update ReviewSenior Project Manager Senior Development Operations Engineer - Band M - Counter Terrorism Policing HQ Application Update ReviewSenior 
Development Operations Engineer - Band M - Counter Terrorism Policing HQ Senior Design Standards Manager Application Update ReviewSenior Design 
Standards Manager Senior Administrative Assistant Application Update ReviewSenior Administrative Assistant Security Assurance Manager Application Update 
ReviewSecurity Assurance Manager Secure: Programme Delivery Senior Manager Application Update ReviewSecure: Programme Delivery Senior Manager 
Safety Camera Prosecutions Team Manager Application Update ReviewSafety Camera Prosecutions Team Manager Safety Academy QUAD Officer Application 
Update ReviewSafety Academy QUAD Officer Royalty and Specialist Protection - Finance Administrator Application Update ReviewRoyalty and Specialist 
Protection - Finance Administrator Royalty and Specialist Protection - Finance Administrator Application Update ReviewRoyalty and Specialist Protection - 
Finance Administrator Research Officer for Intelligence Development Team (East) - Band E Role Application Update ReviewResearch Officer for Intelligence 
Development Team (East) - Band E Role Referencing & Vetting Insight and Governance Team Member Application Update ReviewReferencing & Vetting Insight 
and Governance Team Member Referencing & Vetting Insight and Governance Team Member Application Update ReviewReferencing & Vetting Insight and 
Governance Team Member Project Support Officer Application Update ReviewProject Support Officer Police Liaison Gateway Team Application Update 
ReviewPolice Liaison Gateway Team PMO Lead - Change - Counter Terrorism Policing HQ Application Update ReviewPMO Lead - Change - Counter Terrorism 
Policing HQ Performance and Assurance Team Member Application Update ReviewPerformance and Assurance Team Member PC - Covert Human Intelligence 
Source (CHIS) Handler Application Update ReviewPC - Covert Human Intelligence Source (CHIS) Handler Operations Inspector Application Update 
ReviewOperations Inspector Online Insight Session Registration Update ReviewOnline Insight Session NPPF Step Two May 2024 Legal Exam - (Previously 
OSPRE) - Inspectors Application Update ReviewNPPF Step Two May 2024 Legal Exam - (Previously OSPRE) — Inspectors NPoCC Planner - Band E Application 
Withdrawn ReviewNPoCC Planner - Band E New Scotland Yard Insight Session Registration Update ReviewNew Scotland Yard Insight Session National Police 
Chiefs Council - Programme Manager Application Update ReviewNational Police Chiefs Council - Programme Manager National Police Chiefs Council - 
Programme Manager Application Update ReviewNational Police Chiefs Council - Programme Manager Motor Vehicle Technician Application Update ReviewMotor 
Vehicle Technician Misconduct Hearings Unit - Usher Application Update ReviewMisconduct Hearings Unit - Usher MetLaw Clerk Application Update 
ReviewMetLaw Clerk Leadership Facilitator Application Withdrawn ReviewLeadership Facilitator Lead Software Developer - Counter Terrorism Policing HQ 
Application Update ReviewLead Software Developer - Counter Terrorism Policing HQ Junior Software Developer - Counter Terrorism Policing HQ Application 
Update ReviewJunior Software Developer - Counter Terrorism Policing HQ Interest in being promoted to a Sergeant? Register your interest here and we will 
notify you when the promotion process launches. Talent Bank Reviewinterest in being promoted to a Sergeant? Register your interest here and we will notify you 
when the promotion process launches. Interest in being promoted to a Chief Superintendent? Register your interest here and we will notify you when the 
promotion process launches. Talent Bank - Withdrawn ReviewiInterest in being promoted to a Chief Superintendent? Register your interest here and we will notify 
you when the promotion process launches. Inspector to Chief Inspector Promotion Process 2024 Application Update ReviewInspector to Chief Inspector 
Promotion Process 2024 Insight, Data and Evaluation Senior Manager Application Update Reviewlnsight, Data and Evaluation Senior Manager IDD - Junior 
Business Design Analyst Application Update ReviewlDD - Junior Business Design Analyst HR Administrator - Counter Terrorism Policing HQ Application Update 
ReviewHR Administrator - Counter Terrorism Policing HQ Head of Visits and Events Application Update ReviewHead of Visits and Events Head of Security 
Architecture Application Update ReviewHead of Security Architecture Head of Data Engineering Application Update ReviewHead of Data Engineering Grievance 
Assessor Application Update ReviewGrievance Assessor Forensic Examiner — Forensic Firearms Unit (FFU) Application Update ReviewForensic Examiner — 
Forensic Firearms Unit (FFU) Forensic Collision Investigator — Trainee Application Update ReviewForensic Collision Investigator — Trainee Fleet Contract 
Lifecycle Support Application Withdrawn ReviewFleet Contract Lifecycle Support Equip for Service (EFS) Coordinator Application Update ReviewEquip for 
Service (EFS) Coordinator Electronics Development Manager Application Update ReviewElectronics Development Manager Electronics Development Engineer 
Application Update ReviewElectronics Development Engineer Electronics Development Engineer Application Update ReviewElectronics Development Engineer 
Edmonton Insight Session Registration Update ReviewEdmonton Insight Session Digital Strategy Advisor - Digital Forensics Application Update ReviewDigital 
Strategy Advisor - Digital Forensics Digital Strategy Advisor - Digital Forensics Application Update ReviewDigital Strategy Advisor - Digital Forensics Digital 
Forensic Technician Application Update ReviewDigital Forensic Technician Development Technician - Software Developer Application Update 
ReviewDevelopment Technician - Software Developer Development Operations Engineer - Band N - Counter Terrorism Policing HQ Application Update 
ReviewDevelopment Operations Engineer - Band N - Counter Terrorism Policing HQ Development Engineer - Software Developer Application Update 
ReviewDevelopment Engineer - Software Developer Development Engineer Application Update ReviewDevelopment Engineer Development Engineer Application 
Update ReviewDevelopment Engineer Detective Sergeant London Region Protected Persons Unit (LRPPU) Application Update ReviewDetective Sergeant London 
Region Protected Persons Unit (.RPPU) Detective Inspector - Specialist Investigation Unit - DPS Application Withdrawn ReviewDetective Inspector - Specialist 
Investigation Unit - DPS Detective Inspector - Inquiry & Review Support Command (IRSC) Application Update ReviewDetective Inspector - Inquiry & Review 
Support Command (IRSC) Designated Detention Officer Application Update ReviewDesignated Detention Officer Deputy National Coordinator, Protect & Prepare 
- Supt - Counter Terrorism Policing HQ Application Update ReviewDeputy National Coordinator, Protect & Prepare - Supt - Counter Terrorism Policing HQ Data 
Quality Management Lead Application Update ReviewData Quality Management Lead Data Management Officer Indexer - Band E - NDMC - Counter Terrorism 
Policing HQ Application Update ReviewData Management Officer Indexer - Band E - NDMC - Counter Terrorism Policing HQ Cyber Unit - DI Protect, Prepare and 
Prevent Application Update ReviewCyber Unit - DI Protect, Prepare and Prevent Custody Healthcare Practitioner Open Day Event - Hammersmith Police Station - 
Thursday 27th June 2024 13:00PM Registration Update ReviewCustody Healthcare Practitioner Open Day Event - Hammersmith Police Station - Thursday 27th 
June 2024 13:00PM CSC - Offender Management - International Assistance Unit (IAU) Detective Constable Application Update ReviewCSC - Offender 
Management - International Assistance Unit (IAU) Detective Constable Crime Academy DC - Interview Team Application Update ReviewCrime Academy DC - 
Interview Team Counter Terrorism Security Advisor (CTSA) Application Update ReviewCounter Terrorism Security Advisor (CTSA) Counter Terrorism Police 
Liaison Officer - DSU - IOPS - Counter Terrorism Policing SO15 Application Withdrawn ReviewCounter Terrorism Police Liaison Officer - DSU - 1IOPS - Counter 
Terrorism Policing SO15 Correspondence Manager Application Update ReviewCorrespondence Manager CONNECT Support Team- User Support Specialist 
Application Update ReviewCONNECT Support Team- User Support Specialist Commercial Apprentice Application Update ReviewCommercial Apprentice 
Centralised Admin - Typing Services Application Update ReviewCentralised Admin - Typing Services CCTV Investigations Assessment/Review - Band D - NDES 
$3 - $015 Application Update ReviewCCTV Investigations Assessment/Review - Band D - NDES S3 - SO15 Case Management Administrator Application Update 
ReviewCase Management Administrator Business Change Supervisor Application Update ReviewBusiness Change Supervisor Business Change Lead - Change - 
Counter Terrorism Policing HQ Application Update ReviewBusiness Change Lead - Change - Counter Terrorism Policing HQ Building Manager Application 
Update ReviewBuilding Manager Biometric Intelligence Case Officer - Band D - NDES S6 - SO15 Application Update ReviewBiometric Intelligence Case Officer - 
Band D - NDES S6 - SO15 Beckton Recruitment Event Registration Update ReviewBeckton Recruitment Event Audit and Risk Manager - Strategic Planning & 
Risk Application Update ReviewAudit and Risk Manager - Strategic Planning & Risk Apprentice Vehicle Mechanical Electrical Trim (M.E.T.) Technician Application 
Update ReviewApprentice Vehicle Mechanical Electrical Trim (M.E.T.) Technician Apprentice Motorcycle Technician Application Update Review Apprentice 
Motorcycle Technician Anti-Corruption and Abuse (ACAC) Intelligence Bureau. Application Update ReviewAnti-Corruption and Abuse (ACAC) Intelligence 
Bureau. 202307 Transferring Officers - Specialist Team Application Update Review202307 Transferring Officers - Specialist Team 202307 Transferring Officers - 
Neighbourhood Team Application Update Review202307 Transferring Officers - Neighbourhood Team 202305 - Police Community Support Officer (PCSO) 
Application Update Review202305 - Police Community Support Officer (PCSO) 202207 - Detective Constable Pathway Application Update Review202207 - 
Detective Constable Pathway 042024 - DCEP (Detective Constable Entry Programme) Application Update Review042024 - DCEP (Detective Constable Entry 
Programme) View cookie policy © Mayor's Office for Policing and Crime 2016 PSIRA Licensing https://digitalservices.psira.co.za/assets/images/switch-icon.png 
Switch your profile Logged in As : Security Officer fiston Dashboard Company Request Downloads TP Instructor Requests Service Requests Invoices Claim 
Course Report Booking In Progress https://digitalservices.psira.co.za/assets/images/image_not_available.png Photo to be taken at PSIRA office on your visit 
CRC Status - New Application PSIRA Status - Inactive App. No - APP-6163228 Creation Date - 29-06-2024 Phone verified Email verified Finger Print verified 
Congratulations! you have passed the pre-assessment Payment Registration Grade E (Registration) (Security officer) Reg Fee- R270 Latest Updates Last 
Updated Date Description Show all 30-06-2024 10:01 AM You have successfully completed your pre-questionnaire exam. Your pre-questionnaire exam result is - 
Pass 1 Times 29-06-2024 20:18 PM Registration request submitted by the applicant.. 1 Times PSIRA Licensing 
https://digitalservices.psira.co.za/assets/images/switch-icon.png Switch your profile Logged in As : Security Business Tshingombe Dashboard Security Officer 
Downloads Invoices Service Requests Engagement and Termination History In Progress https://digitalservices.psira.co.za/assets/images/business-no-img.jpg 
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App. No - APP-4500662 Creation Date - 05-12-2022 Phone verified Email verified Exam Please finalise your Security Business Registration Payment to proceed 
further. Registration Fee - R7900 My Branches Latest Updates Last Updated Date Description Show all 12-05-2022 15:14 PM Registration request submitted by the 
applicant 1 Times atch Number Company PSIRA # Creation Date Type Status BATCH-383731 29-06-2024 Engagement Pending BATCH-383732 29-06-2024 
Termination Pending Your Tableau Blueprint Assessment Results Thank you for completing the Blueprint Assessment. Find everything you need to build your 
action plan and get started with Tableau Blueprint using the Blueprint Tool Kit - a collection of resources to help run the Tableau Blueprint Assessment within 
your organization. GET THE TOOL KIT Creating a thriving Data Culture doesn’t happen by flipping a switch. Professional Services from Tableau can help you 
create that foundation and ensure you get the most out of your Tableau investment. CONTACT SALES Your Submission ID: 22255 Agility The Agility workstream 
is focused on deployment, monitoring, and maintenance. These are typically IT-led efforts that rely heavily on understanding the broader technical requirements 
and overall business strategy. Based on your assessment results, here are your personalized recommendations and next steps. Capabilities: Agility LO W You 
started here H | G H Follow these recommendations to build your Agility capabilities. Install and configure Tableau Server Understanding how your hardware, 
network, databases, and applications interoperate is the first step in planning your Tableau Server installation. Documenting this will give you insight for 
installation and configuration and ongoing platform operations. 1. Review the Tableau Deployment section of Tableau Blueprint. 2. Complete the Enterprise 
Architecture Survey in the Tableau Blueprint Planner. 3. Leverage these insights to install and configure Tableau Server. For step-by-step guidance, visit the 
Tableau Help documentation for the Tableau Server products you're implementing. 4. Explore Server Rapid Start to optimize your server installation. Work with 
our experts to ensure a successful and stable Tableau Server environment with a plan for monitoring the scalable growth of users, content, and interactivity. 
Configure user authentication and authorization for Tableau Server To deploy Tableau, you will need to define authentication and authorization protocols for users 
in your organization. 1. Review the Authentication and Authorization section of Tableau Blueprint. For more detailed guidance and configuration instructions, 
review the Tableau Server Help documentation on Authentication (Windows | Linux). 2. Configure either a local identity store or an external identity store at time 
of install. 3. Choose a Tableau Server authentication method that is compatible with your identity store. Manage Tableau licenses Licenses should be managed 
according to your organization's software license processes for allocating to new Tableau users, changing Tableau license levels as analytical skills increase, and 
reclaiming available Tableau licenses when someone leaves the company. 1. Review the Tableau License Management section of Tableau Blueprint. 2. Define a 
process for allocating licenses to new Tableau users. 3. Define a process for changing Tableau license levels for current Tableau users. 4. Define a process for 
reclaiming Tableau licenses when someone leaves the company. 5. Enable license management features in your Tableau environment - Login-Based License 
Management and Grant Role on Sign In - and update processes accordingly. 6. Document this information, and it to your Enablement Intranet. Deploy client 
software (Desktop/Prep Builder) Distributing Tableau Desktop and Tableau Prep Builder (for Creators) can be done in a few different ways. Determine and 
document the process. 1. Review the Tableau Desktop and Tableau Prep Builder Deployment section of Tableau Blueprint. 2. Determine if you want to customize 
the install (e.g., no prompts, inclusion of drivers, etc.) and configure your process accordingly. 3. If virtual desktop support is required, determine how you want 
to manage license deactivation. 4. Configure Tableau Desktop license usage reporting to gather usage information for individual instances of Tableau Desktop. 5. 
Document this information, and it to your Enablement Intranet. Configure back-up and restore A Tableau Server administrator should perform daily backups of 
Tableau Server and its data. Taking these steps can help ensure that Tableau Server runs with minimum loss. 1. Review the Back-up and Restore section of 
Tableau Blueprint. 2. Learn how to use the Tableau Services Manager (TSM) command line tool to back-up and restore Tableau data, including Tableau Server's 
own PostgreSQL database, which stores workbook and user metadata, data extract files, server configuration data, and log files. 3. Define a cadence for 
performing back ups using the TSM command line tool. 4. Perform back-ups in accordance with your planned cadence. Monitor Tableau Server process status In 
order to ensure continued performance, your administrator should have a process in place for monitoring the Tableau Server process status and a documented 
plan of action for when the process is "down" or "status unavailable”. 1. Review the Tableau Server Process Status section of Tableau Blueprint. 2. Determine 
how you will monitor, at minimum, process state changes, especially "Down" and "Status unavailable". 3. Define a process on how Administrators will respond if 
a process is not running as expected (e.g., who will support the issue, where will you work the issue, how will inform affected users and keep them up to date, 
etc.). 4. If you've purchased Tableau Advanced Management, explore the Resource Monitoring Tool to gain a comprehensive look at the health of Tableau Server, 
including process status. Contact your Account Team if you're interested in Tableau Advanced Management. Monitor Backgrounder jobs The Backgrounder 
process runs server jobs, including extract refreshes, subscriptions, flow runs, and data-driven alerts. Administrators and users will want to know when these 
processes fail so corrective action can be taken. 1. Review the Built-in Alerts section of Tableau Blueprint for guidance on leveraging built-in alerts to monitor for 
background job failures. 2. Provide enablement to Administrators, and the Creator user base more broadly, on how built-in alerts can be leveraged for process 
failures, such as extract refresh failures, flow run failures, etc. 3. Provide enablement to Administrators, and the Creator user base more broadly, on how they 
can reinitiate the process manually using, in most cases, "Run Now". 4. Administrators may also want to develop similar processes using the REST API or 
tabcmd commands as a fail safe in case process owners are out of the office. 5. Document guidance on how users can review Backgrounder jobs, and post this 
information to your Enablement Intranet. Configure built-in alerts Alerts provide critical information about platform outages so you can take immediate action to 
triage the issue, communicate with users, etc. 1. Review the Built-in Alerts section of Tableau Blueprint. 2. Configure notifications about system alerts and 
failures (e.g., process status, drive space constraints, etc.) during installation. 3. Define a process on how Administrators will respond when an alert is triggered 
(e.g., who will support the issue, where will you work the issue, how will inform affected users and keep them up to date, etc.). Review performance thresholds 
Administrative views are dashboards that are included with Tableau Server or Tableau Cloud and help you understand system utilization and how users are 
interacting with content so that you can proactively monitor system activity and other scheduled tasks. 1. Review the Administrative Views for Monitoring section 
of Tableau Blueprint for guidance on monitoring performance thresholds. 2. Leverage default or custom administrative views (or utilize the Dashboard Load 
Times Accelerator on our Tableau exchange) to understand how Tableau is performing throughout the day, including background tasks to ensure they are 
executing on time. These views should be leveraged to inform real-time action as well as trend analysis. 3. Define a process on how Administrators will respond 
when real-time action is needed (e.g., who will support the issue, where will you work the issue, how will inform affected users and keep them up to date, etc.). 4. 
Enable your teams by driving best-practice awareness into existing analytics community engagements, such as user group meetings, analytics academies, and 
competitions. 5. Enact Performance Thresholds that work for your organization. Read more about this process with our blog, How to Improve Dashboard Load 
Times with People and Processes. Monitor license utilization Monitoring licenses can help you administrators monitor usage and answer questions like who is 
using licenses, which types of licenses they're using and if you need more or fewer licenses. 1. Review the Administrative Views for Monitoring section of 
Tableau Blueprint for guidance on monitoring license utilization. 2. Define a monthly cadence for reviewing license utilization details, including usage, availability, 
and upcoming expirations. 3. Review license utilization in accordance with your planned cadence. Define an upgrade process, including end-user 
communications plans Defining the when and how on upgrades across all products in the Tableau platform includes decision points around upgrade frequency, 
version selection, and version compatibility. When these areas are addressed early, administrators can better manage users’ expectations, rather than having to 
react to business demands for new features and functionality. 1. Review the Upgrades section Tableau Blueprint. 2. Define a cadence for performing platform 
upgrades, including Tableau Server, Tableau Desktop, Tableau Prep, and Tableau Bridge. 3. Develop an enablement plan to prepare users for platform upgrades. 
4. Develop a communications plan to inform users about platform upgrades, leveraging all channels available in your organization. 5. Perform upgrades in 
accordance with your planned cadence. 6. Explore Server Upgrade where Tableau experts do the heavy lifting so you can quickly and successful upgrade your 
environment and your team can produce deeper and more relevant findings by taking advantage of Tableau's newest features. Complete load test and capacity 
planning Load testing helps you understand your Tableau Server’s capacity with respect to your unique environment, data, workload, and usage profile. Capacity 
planning, by contrast, helps you ensure optimal Tableau Server performance and sufficient capacity to handle increased workloads. 1. Review the Load Testing 
section and Capacity Planning section of Tableau Blueprint. 2. Define a cadence for performing load testing. In general, this should be conducted two to four 
times a year in conjunction with upgrades and server scale-up or scale-out expansions. 3. Define a cadence for performing capacity planning. Depending on the 
size of your organization, user demand, and historical growth rates, you may need to do this at 6-month, quarterly, or monthly intervals. 4. Perform load testing 
and capacity planning in accordance with your planned cadence. Perform database maintenance Data maintenance creates free space on the Tableau Server 
deployments by deleting old files, including log files, temp files, and rows from the http_request table. 1. Review the Database Maintenance section of Tableau 
Blueprint. 2. Define a cadence for performing database maintenance. 3. Perform database maintenance in accordance with your planned cadence. Deploy 
Tableau Mobile Mobile business intelligence enables any user to make decisions no matter where they are. As a result, you should provide users with the ability 
to access Tableau from anywhere. 1. Review the Tableau Mobile Deployment section of Tableau Blueprint. 2. Gather organizational requirements for enterprise 
apps to better understand how you can control app delivery, customize the sign-in experience, configure app policies, and provide additional security and 
governance controls. 3. Document guidance on how users can leverage Tableau Mobile, and post this information to your Enablement Intranet. Install add-ons 
and extensions on Tableau Server Tableau supports a robust extensibility framework for deep and complex enterprise integrations and embedded analytics 
solutions. Define a process for how you will leverage these capabilities in your environment. 1. Review the Extensibility section of Tableau Blueprint. 2. 
Determine the extent to which you want to install add-ons and extensions to be deployed in the environment. 3. Document guidance on how users can request the 
installation of add-ons and extensions, and post this information to your Enablement Intranet. Go home 's Avatar Sign Out My Profile 's Avatar Done For best 
results, use a square image tshingombefiston@gmail.com Registrations Title Enrolled Status Completed Certificate completed Expiration Certificate expiration 
Receive notifications Exploring Aggregation and Granularity 2024-Jul-04 Completed 2024-Jul-04 -- -- -- Exploring Variables and Field Types 2024-Jul-04 Completed 
2024-Jul-04 -- -- -- Introduction to Data Literacy 2024-Jul-05 Completed 2024-Jul-05 -- -- -- Recognizing Well-Structured Data 2024-Jul-04 Completed 2024-Jul-04 -- -- 
-- Understanding Distributions 2024-Jul-04 Completed 2024-Jul-04 -- -- -- Understanding Variation for Wise Comparisons 2024-Jul-04 Completed 2024-Jul-04 -- -- -- 
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Using Correlation and Regression to Examine Relationships 2024-Jul-04 Completed 2024-Jul-04 -- -- -- Done © 2024 Tableau Terms & Conditions FAQ Tableau 
Community Forums Support Your Privacy Choices powered by Skilljar Congratulations, Tshingombe - you've unlocked a Trailblazer Rank! Inbox 
https://Ih3.googleusercontent.com/a/default-user=s40-p Salesforce Trailhead Unsubscribe Sun, Jul 7, 6:32 PM (2 days ago) to me 
https://mail.google.com/mail/u/0/images/cleardot.gif Way to go, Adventurer! Take your learning to the next level with projects. Projects give you hands-on 
practice with step-by-step instructions solidifying your knowledge. Get started Unsubscribe | Privacy Statement | View on web © 2024 Salesforce, Inc. All rights 
reserved. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States General Inquiries: 415-901-7000 This email was sent to 
tshingombefiston@gmail.com https://Ih3.googleusercontent.com/a/ACg8ocKXAkWuMsvk1UB4tteph7ml8jYFOm9hC26Hrh4GoZCA5eWrXg=s40-p-mo 
Congratulations, Tshingombe - you've unlocked a Trailblazer Rank! Inbox https://ssI.gstatic.com/ui/v1/icons/mail/profile_mask2.png Salesforce Trailhead 
Unsubscribe Sat, Jul 6, 9:32 AM (3 days ago) to me https://mail.google.com/mail/u/0/images/cleardot.gif You've unlocked Explorer Rank! Keep your Explorer spirit 
going and complete the Climb the Ranks Quest! Take the Quest Unsubscribe | Privacy Statement | View on web © 2024 Salesforce, Inc. All rights reserved. 
Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States General Inquiries: 415-901-7000 This email was sent to 
tshingombefiston@gmail.com https://Ih3.googleusercontent.com/a/ACg8ocKXAkWuMsvk1UB4tteph7ml8jYFOm9hC26Hrh4GoZCA5eWrXg=s40-p-mo Skip to 
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Application Security Basics Learn about application security and the job of an application security engineer. Skills you will gain Complete the badge to build your 
expertise. Learn More App Development and Engineering Practices Cybersecurity Products General +300 points Beginner Cybersecurity Completed 7/7/24 Get to 
Know Application Security ~15 mins Completed Learn Application Security Engineer Skills ~10 mins Completed Identify Common Application Security Threats 
~5 mins Completed https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/application-security- 
basics/161fffb8f8aa3aea0e4a881ed9689e0a_badge.png complete Completed 7/7/24 Available on the following trail Get Started with Application Security Skip to 
main content Application Security Basics Get to Know Application Security Time Estimate About 15 mins Topics Learning Objectives What Is an Application? 
The Role of Application Security Resources Challenge +25 points Get help with this badge Provide feedback for this badge Get to Know Application Security 
Learning Objectives After completing this unit, you’ll be able to: Describe what an application is. Define application security and its role in relation to application 
development. What Is an Application? If you’ve ever used a computer, you’ve used an application. To define it, an application is a computer software package that 
performs one or more tasks and enables direct user interaction. But let’s break down what that really means by looking at examples of applications and how we 
use them. Applications come in many forms such as database programs, web browsers, email clients, spreadsheets, media players, word processors, and 
image/photo editing software to name a few. Each of these software packages allows a user to interact directly with the application. For example, when you use 
word processing software, you interact directly with the application when you type, delete, or copy and paste text. And, you interact with applications in different 
ways—whether it’s on a computer using a photo editing software package like Photoshop, interacting with a mobile app on your smartphone, or conducting 
business transactions on a web-based banking application. That’s pretty straightforward, right? There are two ways developers create applications. They develop 
proprietary code that is not shared outside of an organization, or they develop code through open source projects, which are designed and developed in a public, 
collaborative manner with developers working together. Open source applications grant developers the right to use, study, and change the software, thus 
allowing it to be adapted and applied to a variety of use cases. There is an entire community dedicated to developing open source projects. As someone who may 
be interested in becoming an application security engineer, contributing to open source projects is a great way to get practical experience in application 
development and security while sharpening and proving your skills. As a result, you will better understand how applications are developed and function, and 
start to understand the role of application security in the coding and software development lifecycle. The Role of Application Security In an organization’s 
technology stack, the application layer is the closest layer to the user. It allows interaction with the user and therefore provides the largest attack surface for 
intruders. Because of this, a relatively large number of security breaches are the result of application vulnerabilities. Applications can also provide a treasure 
trove of personal data an attacker would love to steal, tamper with, or destroy, including personally identifiable information (Pll) such as names, national 
identification data (such as Social Security numbers), and email addresses. This means protecting applications is a key part of cybersecurity, in order to 
minimize the risks of data loss and the resulting negative financial, reputational, privacy, or legal impacts for an organization and its customers. Application 
security engineers need to think like an attacker to understand how an application could possibly be misused, while also ensuring that input provided by 
legitimate users is sanitized, validated, and processed safely by the application. Application security engineers focus on protecting applications in order to 
prevent attackers from gaining access to sensitive data. Since it is much easier and less expensive to find security flaws in the early stages of software 
development, application security engineers should gather security requirements before any design or development work begins. An engineer is looking through 
a magnifying glass at a bug on a laptopApplication security engineers work with development teams and business units to help design, create, document, code, 
test, deploy, and maintain secure applications. The process of designing and building applications is known as the software development lifecycle (SDLC). 
Application developers are responsible for the documentation and programming (coding) steps in this process. They write the source code that causes an 
application to carry out its desired tasks. Application security engineers partner with application developers and others throughout the SDLC to protect 
applications by diagnosing, documenting, and remediating application security vulnerabilities. Typically in an organization, an application developer's main 
objective is to produce working code as quickly as possible to meet business requirements. As a result, writing secure code is sometimes an afterthought. This 
is where application security engineers can be super helpful by building security into the development process so that sensitive data remains protected. In doing 
so, they aim to ensure that an application provides what is commonly referred to as CIA: confidentiality, integrity, and availability. For example, application 
security engineers help developers design and deploy the application in a way that requires proper authentication (to protect the confidentiality of data), transfers 
sensitive information securely to prevent it from being modified (integrity), and ensures that users can access their data (availability). Application security 
engineers are often embedded within an application development team and serve as advisers to designers and developers. They ensure that application 
requirements include security considerations, they suggest secure authentication protocols during the design phase, they implement code reviews to check for 
common security vulnerabilities, they test applications before deployment, and they advise on the timing and methods for patching vulnerabilities. In this unit, 
you learned what an application is and how application development and security functions work together in practice. In the next unit, you learn about the 
business impact of application security, the skills application security engineers need, and common application security scenarios. Resources External Site: 
VMware: What is application security? Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/application-security- 
basics/161 fffb8f8aa3aea0e4a881ed9689e0a_badge.png Application Security Basics 100% Progress: 100% View more modules Skip to main content Application 
Security Basics Learn Application Security Engineer Skills Time Estimate About 10 mins Topics Learning Objectives The Impact of Application Security on 
Businesses Application Security Engineer Skills Common Application Security Scenarios Sum It Up Resources Challenge +25 points Get help with this badge 
Provide feedback for this badge Learn Application Security Engineer Skills Learning Objectives After completing this unit, you’ll be able to: Explain the impact of 
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application security on business. List the key skills needed to become an application security professional. Describe common application security scenarios. The 
Impact of Application Security on Businesses Inadequate application security can have huge negative consequences for an organization. Cyber intruders attack a 
variety of organizations every day in the hope of enriching themselves by extracting money, corporate information, and intellectual property. Attackers use the 
hijacked data to make unauthorized purchases and steal consumers’ identities. If you follow the news, you know that attackers have successfully compromised 
applications to access data stored in the computer systems of retailers, credit reporting companies, airlines, entertainment companies, government offices, 
schools, and many other organizations. In one case, a hotel chain was breached by a foreign country. In another case, a SQL injection attack, which we’ll cover 
later, installed spyware on a company’s computers which exposed customer credit card information. In multiple cases, intruders stole credit card data by taking 
advantage of weak data encryption systems. In total, these attacks exposed the personal information of hundreds of millions of customers. These security 
breaches resulted in direct economic impacts from fraud and theft, but a security breach can also yield indirect economic impacts, like the loss of reputation. 
This can produce additional financial consequences on the business due to a loss of customers, reduced shareholder trust, and damaged brand image. Security 
breaches can also have legal and regulatory ramifications that result in fines and sanctions. Application security engineers have a critical role to play in ensuring 
that customer data is adequately protected by business applications. Because the role of an application security engineer is so important, they need to have a 
wide range of proficiencies. Let’s dig into this a bit more to see what skills an application security engineer needs. Application Security Engineer Skills Imagine 
that you’re going to fly to a distant island for a tropical vacation. Before you board your airplane, you must pass through multiple airport security checkpoints. 
Security personnel check your ID and boarding pass, you walk through a metal detector, your luggage is X-Rayed, you pass airport security dogs, and security 
guards monitor TV screens to watch for unusual activity. These are layers of security at the airport to ensure that you enjoy a safe trip to your destination. Similar 
to the security personnel at an airport, an application security engineer must be aware of attacker entry points and provide the necessary safeguards against 
vulnerabilities at each phase of the application’s development and deployment. Airport security personnel check travelers and luggage Reports from security 
associations (ISC)? and Information Systems Security Association International (ISSA) discuss the cyber security skills shortage that has been growing for years. 
An increase in security incidents has led organizations to report an acute need for application security professionals to protect applications and data. In light of 
this and the fact that application security engineers require more training, an application security engineer can often earn more money than application 
developers. Application security engineers employ various techniques at different stages of an application’s software development lifecycle (SDLC) to uncover 
security vulnerabilities. In order to do this, an application security engineer must have a good grasp of many technical skills, which include: Threat modeling: 
Think about how attackers can compromise a system and what protections are needed against them Secure Software Development Life Cycle (SSDLC): Help 
developers write secure code that minimizes vulnerabilities by implementing secure coding standards, techniques, and best practices Security code reviews: 
Identify security vulnerabilities in source code before an application is deployed to production Vulnerability testing and analysis: Discover weaknesses once an 
application is deployed and advise development teams on remediation Since application security engineers work with various people (application developers, 
testers, designers, and others), they need to be good collaborators and communicators. They also need to be good writers since they generate documents that 
explain their technical findings. In some cases, they need to use their persuasive powers to convince management why a certain security feature should be 
installed before an application is deployed. Often, they must use their critical thinking skills to determine the various ways that an intruder would try to attack an 
application. Then they need to find creative solutions to thwart potential attacks. If an intrusion occurs, they investigate the incident to help identify the source of 
the compromise and harden the application against future attacks. On top of the skills listed above, the following certifications can bolster an application security 
engineer’s knowledge. GIAC Web Application Defender (GWEB) Certified Secure Software Lifecycle Professional (CSSLP) Secure Software Practitioner (SSP) 
Certified Application Security Engineer (CASE) Advanced Web Attacks and Exploitation If you’re considering a career as an application security professional, 
earning a college degree in computer science is a good way to start on that path. Application security engineers will often start out as application developers and 
then transition into the cybersecurity field. Also, multiple colleges offer degrees in cybersecurity. It’s definitely an exciting field with many opportunities. Now that 
you know about the skills you need to be an application security engineer, let's look at what common security scenarios an application security engineer 
encounters and how to protect applications in these situations. Common Application Security Scenarios Cybercriminals look for the easiest access to steal, 
modify, or destroy data that requires the least amount of effort and provides the biggest payback. The more complex an application is, the higher the probability 
that it contains security vulnerabilities. Applications, especially web applications, are targets of cybercriminals because they present a large and relatively easily 
exploitable attack surface (the user interface) that can allow an intruder to access sensitive information stored on a computer. Also, intruders do not need any 
special tools to attack a web application. All they need is a computer and an Internet connection. While attackers are trying to figure out how to infiltrate an 
application, application security engineers are focused on minimizing vulnerabilities in application code and ensuring application components are securely 
configured in order to prevent unauthorized access to customer accounts and data. A valuable resource to consult when reviewing applications security risks is 
the Open Web Application Security Project (OWASP). OWASP is an international organization that provides freely available information focused on improving 
software security. So, what are some common risks an application security engineer may encounter? An injection attack is a good example and occurs when 
there is improper sanitization of application inputs. In an injection attack, an intruder inserts code, instead of expected input data, into the applications input 
handling logic (the code that manages communication between an end user interface and a database). If the application is written incorrectly, the application will 
run the code that the attacker injects. For example, structured query language, known commonly as SQL, could be entered into an email address field on a web 
page. SQL is a language used in programming and is designed to manage data. If there is no check on the input field, an attacker might be able to extract 
information (like health records) from the application’s database by using the SQL code. To sanitize a user’s input, an application should ensure that the 
application handles user input as data instead of commands and includes only allowlisted characters (an allowlist is a list of characters that are granted access 
to a system). When an allowlist is used, all other entities are denied access, except those included in the allowlist, and those that don’t exceed the maximum data 
field lengths. Other responsibilities of application security engineers are reviewing, testing, and verifying code during the development process to ensure user 
inputs are properly sanitized in order to help prevent against the injection attack described above. This is especially critical in the context of agile software 
development, which seeks to deliver application functionality faster than other development methods. But the agile method adds complexity because it requires 
continuous updating of applications to keep up with end-user expectations. Developers are expected to provide new features and fix discovered bugs at a rapid 
pace. Applications must be hardened to prevent exploits, and it's the application security engineer’s job to advise the development team on the most efficient way 
of doing so. Weak, or nonexistent, encryption is another prevalent application security shortcoming that can allow attackers to expose sensitive data. 
Applications are vulnerable when they use protocols like HTTP that transmit data as clear text. Instead, applications should use secure protocols like HTTPS that 
encrypt data transmissions, so the data can’t be read without the proper decryption key. Old, weak encryption algorithms and internally developed encryption 
functions should be avoided. Instead, application security engineers should rely on secure, standards-based encryption algorithms. Application security 
engineers help developers follow a Secure SDLC process. They adopt secure application design and architecture techniques based on well-known security 
practices, which include providing strong authentication and authorization and employing secure session management to prevent unauthorized access. 
Application security engineers deploy applications that prevent users from logging in with default credentials, since this is a common attack vector. They sanitize 
user input to hinder injection attacks. Some data breaches have succeeded due to weak encryption, so application security engineers use strong algorithms with 
appropriate encryption key management to encrypt data transmissions and stored data (data at rest). Then if attackers infiltrate the system, they can’t extract any 
useful information since they won’t know how to decrypt the data. Application security engineers ensure that errors are handled properly so that no sensitive 
information is released to the user. They also perform static and dynamic application security testing during and after application development and monitor the 
application for any unusual activity after deployment. Sum It Up In this unit, we covered how an application security breach can impact a business, what skills 
application security engineers need, and explored common application security scenarios. Next, let’s discuss the first step every good application security 
engineer takes: identifying the applications in their environment, and their associated risks. Resources External Site: OWASP: OWASP Top 10:2021 External Site: 
SANS: Application Security: Securing Web Apps, APIs, and Microservices External Site: EC-Council: Certified Application Security Engineer (CASE) Quiz 
Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/application-security- 

basics/161 fffb8f8aa3aea0e4a881ed9689e0a_badge.png Application Security Basics 100% Progress: 100% View more modules Skip to main content Network 
Security Basics Understand Network Security Time Estimate About 10 mins Topics Learning Objectives What Is a Network? How People and Devices Access a 
Network Understand Network Security Knowledge Check Resources Challenge +50 points Get help with this badge Provide feedback for this badge Understand 
Network Security Learning Objectives After completing this unit, you’ll be able to: Describe what a network is. Identify ways people and assets access a network. 
Explain network security engineering. What Is a Network? A network is a fabric of interconnected elements that are related to each other. We encounter a variety 
of networks on a daily basis. Networks allow us to travel, to connect with other people, to view entertainment content, to collect and disburse information, and so 
much more. Similarly, a computer network connects two or more computers with various devices in order to share resources among people and other 
computers. Computer networks consist of many devices: servers, routers, computers, printers, scanners, and so on. We access computer networks to check 
social media, read email, review our bank account balance, and perform countless other functions. In this module, we get to know Jim and Florence who are 
network security professionals. We learn about their job responsibilities, plus the skills they need and the tools they use to protect computer networks from 
potential security threats. A phone, tablet, laptop, and desktop are connected to a Wi-Fi network. How People and Devices Access a Network Because we live in 
an interconnected world, it’s important to understand how computer network access works. It’s also imperative that we protect these networks since we rely on 
them every day. Let’s look at how encryption and authentication help to protect networks. Some computer networks are public and some are private. A public 
computer network allows anybody to connect to it. You access a public computer network whenever you connect to a Wi-Fi hotspot at a coffee shop or inside an 
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airport. A private computer network has restricted access. It allows only certain people and devices to connect to it. In this way, a private network regulates who 
and what can access its resources. Businesses operate private networks that allow their employees to communicate with each other and access internal, 
company-related information. Since we don’t want just anybody to access our personal information, like our bank account balance, websites use authentication 
and encryption to protect network access and data transfers. To check your account balance, your bank requires that you prove who you are—this is 
authentication. Encryption converts data from standard text into coded data that is not humanly readable. This ensures that nobody else can retrieve your private 
data that is being transmitted across a public computer network. Websites use encryption to protect the information that’s passed between your device, for 
example, your cell phone and your bank. Many websites use the Hypertext Transfer Protocol Secure (HTTPS) to encrypt data. Now let’s check in with Florence. 
She’s a network security engineer at a large bank that serves customers in multiple countries. Part of Florence’s job is to ensure that only an authorized account 
holder can access his or her account. Her bank adopted an authentication process that requires the account holder to provide a username and password, or a 
debit card and a PIN (personal identification number), to log in to their account. Florence also implemented multi-factor authentication, known as MFA. To access 
their account with MFA, a customer provides their username/password and is then required to verify their identity with an additional authentication factor, such 
as an authenticator app or security key. MFA provides an added layer of security that helps prevent unauthorized access to bank accounts. Understand Network 
Security We expect computer networks to be available and secure 24 hours a day so we can access them whenever and wherever we want. When computer 
networks are unavailable, it affects how we conduct our daily lives. If your bank’s computer system is unavailable, you may be unable to pay your bills (ouch!) or 
transfer funds to the appropriate account. Because of the massive amount of personal, health, financial, and other data stored on computer networks, securing 
public and private computer networks is essential. As a result, network security professionals build multiple layers of security into their computer systems to 
provide what is commonly referred to as CIA: confidentiality, integrity, and availability. Many types of people may try to gain unauthorized access to a computer 
network. These range from hackers who want to gain access for fun or fame, to cybercriminals who want to steal money and information, to cyberterrorists who 
want to disrupt and damage. As a network security engineer at a medical clinic, Jim knows health records are a prime target for cybercriminals. Any security 
breach can have legal and regulatory ramifications resulting in fines and sanctions. To minimize those risks, Jim uses hardware and software tools that provide 
added layers of protection for patients. While Jim is aware that external cybercriminals want to attack his systems, he knows that threats can also arise internally 
from intentional and unintentional actions by employees or other authorized users. This can arise from a malicious insider (like a disgruntled employee) or 
accidental deletion by an uninformed user. Because of this, it’s critical that he knows his system configuration and typical usage patterns so he can recognize 
potential security threats. In many cases, internal attacks are often accidental occurrences, so the best way to deal with them is through cybersecurity education 
and awareness for all employees. Stadium ticket takers check tickets as sports fans wait in line. In the end, it’s the network security professional’s job to ensure a 
computer system’s CIA by keeping out unwanted intruders while providing authorized access to those who need it. Network security professionals are not 
always the most popular people in an organization because the security measures that they employ can make network access a bit of a challenge. Think of their 
job as being similar to a stadium ticket taker. This person causes a slowdown in the stadium entry process that can result in ticket holders having to wait in line. 
But the ticket takers fill an important role by ensuring that each person who enters the stadium has a valid ticket. Knowledge Check Ready to review what you’ve 
learned? The knowledge check below isn’t scored—it’s just an easy way to quiz yourself. To get started, drag the function in the left column to the matching 
category on the right. When you finish matching all the items, click Submit to check your work. If you’d like to start over, click Reset. Great job! Network security 
is critical to the safety and security of the data (customer data, financial information, health records, intellectual property, and so on) that is stored on a network. 
It’s a big job, but somebody needs to do it. Are you up for the task? Resources External Site: Fortinet: What is Network Security? Quiz Complete! +50 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/network-security-basics/337367ece104e355f60927c917349428 _badge.png Network 
Security Basics 100% Progress: 100% View more modules Skip to main content Healthcare Cybersecurity Basics Describe the Healthcare Technology 
Landscape Time Estimate About 10 mins Topics Learning Objectives What Is Healthcare Technology? Goals of Healthcare Organizations Key Healthcare 
Technologies Healthcare Cybersecurity Terminology Knowledge Check Sum It Up Resources Challenge +25 points Get help with this badge Provide feedback for 
this badge Describe the Healthcare Technology Landscape Learning Objectives After completing this unit, you’ll be able to: Describe the healthcare technology 
landscape. Identify the main goals of healthcare industry organizations. Define key healthcare technologies. Define key cybersecurity terms used in the 
healthcare industry. What Is Healthcare Technology? Most people use healthcare technology (healthtech) every day even if they don’t know it. From wearable 
devices such as smartwatches that track heart rate to the Internet of Things (loT) to track insulin levels in diabetes patients, healthtech’s use is widespread and 
continues to grow at a rapid pace. But what is healthtech and why is it important? Healthtech is the use of technologies developed for the purpose of improving 
all aspects of healthcare. These technologies include digital devices, software, and tools designed to support healthcare organizations, doctors, and patients, 
with the goal of enabling people to access, exchange, and manage healthcare information electronically. A woman holds a mobile phone with a first aid kit 
symbol, and is surrounded by circles depicting a smartwatch with a blood pressure measurement. Healthtech improves patients’ quality of care by increasing the 
productivity and efficiency of hospitals and other healthcare organizations. By turning over recurring and monotonous tasks to powerful computers, the 
technology lessens the burden on healthcare professionals and allows them to focus their goals on improving healthcare for all. Goals of Healthcare 
Organizations When it comes to quality healthcare, there’s no one-size-fits-all approach. In fact, personalization and customization are key as no two people are 
alike. Tailoring everything from medication to exercise regimens amplifies human health. Healthtech is such a transformative practice that its impacts are 
causing a lasting change across the globe. In general, healthtech aims to: Improve the patient experience. Improve people’s health. Reduce the per-person cost of 
healthcare. Healthtech supports these aims by expanding options for medical treatments while transforming how medical professionals execute their jobs. It also 
provides patients with tools for managing their health independently and together with their healthcare practitioners. As an enabler of the medical profession 
principle, “First, do no harm,” healthtech introduces new technologies that, when properly secured, increase patient health by reducing medication errors and 
improving compliance. For example, pharmacists can use healthtech to improve patient safety by identifying prescription drug conflicts through data correlation 
of a patient’s allergies with prescribed medications. Healthcare practitioners can use healthtech to access and update patient health records and exchange 
patient care data with colleagues rapidly for collaboration efforts, secondary opinions, and evaluations. Key Healthcare Technologies Healthtech is already 
becoming integrated into every fabric of the healthcare industry from administrative processes to cancer research and drug development. Healthcare 
practitioners can leverage these technologies to make the patient experience as painless as possible while improving overall human health. Let’s take a closer 
look at some healthtech applications in the areas of administrative processes, drug development, surgery, loT, and telehealth. Administrative Technologies 
Administrative technologies allow hospitals and healthcare organizations to manage their growing administrative workloads and tasks such as scheduling and 
documenting patient care. Let’s look at a few of these technologies. Artificial intelligence (Al) streamlines patient workflows by calculating wait times and 
predicting peak busy hours thus enabling improved scheduling and prioritization of appointments. Electronic medical records (EMR) emulate a patient’s paper 
chart and contain the patient’s medical and treatment history from one medical practice into a digital version. Electronic health records (EHR) contain the totality 
of a patient’s health record, consist of the patient’s EMR from multiple doctors, and represent a long-term view of a patient's health in digital form. Drug 
Development Technologies The pharmaceutical industry leans heavily on Al and machine learning (ML) to power a new wave of drug research and development 
by automating manual tasks such as combining certain chemicals to create the optimal drug. Surgical Technologies Surgical and recovery times are drastically 
reduced thanks to numerous technologies. Let’s look at a few common applications. Robotics removes the dependence of solely onsite doctors for care. Robotic 
surgical assistants are often used in tandem with an onsite doctor to perform processes from non-invasive procedures to open-heart surgery. Virtual reality (VR) 
allows aspiring surgeons the use of augmented VR (a real-life view of an experience projected onto a screen) to gain experience on conducting several different 
types of surgeries or practicing new surgical techniques. Three-dimensional (3D) printing increases the number of available organs for transplants. 3D printing is 
changing the world of organ transplants by allowing for the substitution of certain organs and artificial tissue with 3D printed solutions to replace or repair 
damage or structures in the body. loT Technologies loT consists of a network of internet-connected objects able to collect and exchange data. The technology 
offers new opportunities for healthcare professionals to monitor patients, as well as patients to monitor themselves. Some examples of these health monitoring 
devices include connected inhalers and glucose monitoring. Connected inhalers help treat conditions such as asthma by monitoring a patient's frequency of 
attacks and collecting environmental data for their healthcare provider to understand what triggered the attack. These inhalers also alert patients if they leave 
inhalers at home or when they use the inhaler improperly. Glucose monitoring in diabetic patients has traditionally been difficult. Patient's have to manually 
check and record their glucose regularly often at inconvenient times. These checks typically represent a snapshot in time. loT devices for glucose monitoring 
provide continuous, automatic monitoring of glucose levels and eliminate the need for manual record keeping, while alerting patients when their glucose levels 
are problematic. Remote Patient Monitoring and Telehealth These are probably the most common applications of healthcare loT devices. These devices 
automatically collect health metrics such as heart rate, blood pressure, or temperature from implanted or wearable medical devices from patients not physically 
present in a healthcare facility. Software applications manage, save, and forward the collected data to a medical professional anywhere in the world where an 
internet connection and access to the application exist. A person appears with a cochlear implant for improved hearing, a pump to supply insulin, and a 
pacemaker signaling the heart to beat Healthcare Cybersecurity Terminology With all these advancements in healthtech, cybersecurity has become more vital 
than ever for the healthcare sector. Yet cybersecurity threats to the healthcare industry are rapidly on the rise. Financially motivated criminal organizations and 
other threat actors continue to target the healthcare industry with ransomware attacks and data theft, which puts patient safety and privacy at risk. It’s therefore 
critical to view cybersecurity as a patient safety issue, enterprise risk, and strategic priority. Before we dive a bit deeper into these threats and risks, let’s learn 
about a few cybersecurity related terms the healthcare industry uses. Term Definition Protected health information (PHI) The demographic information, medical 
histories, test and laboratory results, insurance information, and other data that a healthcare professional collects to identify an individual and determine 
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appropriate care Healthcare breach The unauthorized access of PHI Ransomware A malware attack that targets critical business systems; encrypts files, 
servers, and databases; and demands a ransom to unencrypt them and restore access Medical device hacking (Medhacking) The practice of manipulating or 
disrupting a network-enabled medical device with the intent to gain unauthorized access to the device or data it stores. Medical device hijacking (Medjacking) A 
more malicious form of medhacking where cybercriminals hijack medical devices to take control of the device’s functions and manipulate its operation to cause 
harm to the patient, disrupt healthcare operations or other malicious purposes. Multi-factor authentication (MFA) An authentication method requiring two or more 
verification factors to access a resource Denial of service (DoS) An attack meant to shut down a machine or network, making it inaccessible to its intended users 
Data loss prevention (DLP) Software that detects and prevents potential data breaches/data exfiltration attempts by monitoring, detecting, and blocking sensitive 
data while in use, in motion, and at rest Patching A modification to a software program to improve or fix its security or performance Encryption The process of 
converting data to an unrecognizable or “encrypted” form Supply chain risk management The process of focusing on the risk management of external suppliers, 
vendors, logistics, and transportation Knowledge Check Ready to review what you’ve learned? The following knowledge check isn’t scored—it’s just an easy way 
to quiz yourself. To get started, drag the description in the left column next to the matching term on the right. When you finish matching all the items, click Submit 
to check your work. If you’d like to start over, click Reset. Great work! Sum It Up You now have a better understanding of the role healthcare technology plays in 
patient care. In Unit 2, you learn about some of the cybersecurity threats to the healthcare industry, common threat actor tactics, and how you can protect 
healthcare technologies. Resources External Site: International Business Machines Corporation (IBM): What is healthcare technology? External Site: Health 
Insurance Portability and Accountability Act of 1996 (HIPAA) Journal: Healthcare Cybersecurity External site: Health-ISAC: Partnered Report: Healthcare 
Cybersecurity Benchmarking Study 2024 Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/healthcare- 
cybersecurity-basics/614937fd892bfc0a1ec6595928d1b41a_badge.png Healthcare Cybersecurity Basics 100% Progress: 100% View more modules Check your 
email to verify your account. Just so you know, you can only log back in once you confirm your email. Close Leave Feedback30Days left in trial Skip to 
NavigationSkip to Main Content Sales - - - Guidance Center - - - - 8 new notifications - Sales HomeLeads Accounts Contacts Opportunities Calendar 
ForecastsDashboards Reports Quotes Home Seller HomeGood afternoon, tshingombe tshitadi. Let's get selling! Close Deals Opportunities owned by me and 
closing this quarter R 541K Total Pipeline R 466K Open R 69K Won R 6K Lost View Opportunities Plan My Accounts Accounts owned by me 3 Accounts 3 
Upcoming Activity 0 Past Activity 0 No Activity View Accounts Grow Relationships Contacts owned by me and created in the last 90 days 7 Contacts 6 Upcoming 
Activity 0 Past Activity 1 No Activity View Contacts Build Pipeline Leads owned by me and created in the last 30 days 6 Leads 4 Upcoming Activity 1 Past Activity 
1 No Activity View Leads My Goals Set personal weekly or monthly goals for emails, calls, and meetings. Set Goals Meetings Calls Emails Time Frame Today's 
Events Looks like you're free and clear the rest of the day. View Calendar Today’s Tasks Sync Up (Sample) Today Sync Up (Sample) Sarah Loehr (Sample) View 
All Recent Records User tshingombe tshitadi Salesblazer https://www.salesforce.com/blog/wp-content/uploads/sites/2/2024/07/Channel-Management.jpg Reap 
the Rewards (and Avoid the Risks) of Channel Management in Sales (Link opens in new window) Learn how to expand your reach into new markets with the right 
channel partners. 9 minute read More Seller Tips linkNewWindowAssistiveTextLabel - Conversation opened. 1 read message. « Skip to content Using Gmail with 
screen readers - - 41 of 6,716 « Trailhead Case 01221201: Engineering manager information, recruitment design data base criminel source d, 
ref:!00DF00gZsu.!500KV02iaxwK:ref « Inbox - https://ssl.gstatic.com/ui/v1/icons/mail/profile_mask2.png Trailhead Help Sun, Jul 7, 10:07 PM (2 days ago) to me 
https://mail.google.com/mail/u/0/images/cleardot.gif Thank you for reaching out to the Trailhead Help team. We’ve opened case #01221201 to handle your request. 
We'll be in touch soon!. While you wait, check out these helpful resources on Trailhead Help. Regards, Trailhead Help ------ Your Question/Comment ------ Share as 
much detail as possible and, if applicable, include links.databse criminals design tableaux resolve criminals,relation vehicle incidence scenario methode 
research , collision , induction database system https://Ih3.googleusercontent.com/a/ACg8ocKXAkWuMsvk1UB4tteph7ml8jY FOm9hC 26Hrh4GoZCA5eWrXg=s40- 
p-mo Trailhead Case 01221195 : Kananga5# [ ref:!00DFO0gZsu.!500KV02iaxvq;:ref ] Inbox https://Ih3.googleusercontent.com/a/default-user=s40-p Trailhead Help 
Mon, Jul 8, 5:23 AM (1 day ago) to me https://mail.google.com/mail/u/0/images/cleardot.gif Hi tshingombe tshitadi, Thanks for reaching out to the Trailhead help 
team. We’ve closed this case 01221195 because you have another case opened for this question. Rest assured that we will take action on your original case as 
soon as possible in the order it was received, generally within 2 business days. However, if you've submitted a case regarding your suspended exam, please 
allow us 7-10 business days, due to the high case volumes, to get to your case. Your patience is highly appreciated. Did you know that you can collaborate with 
your fellow Trailblazers on hands-on challenges? It's true! Check out #Trailhead Challenges on the Trailblazer Community and join the conversation today! 
Regards, Trailhead Help Skip to main content The Energy and Utilities Industries Get to Know the Energy and Utilities Industries Time Estimate About 5 mins 
Topics Learning Objectives The Energy Industry at a Glance Energy and Utilities Industry Outlook Key Industry Terms Summary Resources Challenge +25 points 
Get help with this badge Provide feedback for this badge Get to Know the Energy and Utilities Industries Learning Objectives After completing this unit, you’ll be 
able to: Describe the energy and utilities industry. Discuss the current energy and utilities industry outlook. The Energy Industry at a Glance Before the industrial 
revolution, our energy needs were modest. For heat, we relied on the sun, or we burned wood and straw. For transportation, horses gave us mobility, and wind in 
our sails helped us explore the world. For a hundred years, energy consumers had one option for service. Utility companies didn’t have to compete for 
customers, and customers couldn’t shop around for utility services. Utilities offered one service, electricity, and everyone wanted it. Today, many customers have 
different options, including the type and source of energy they buy, and whom they buy it from. They can shop for rates and energy-efficient appliance rebates to 
suit their energy needs. In a deregulated market, customers enjoy greater freedom in shopping for utility services, because deregulation increases competition, 
and competition multiplies customer choice. This means multiple utility companies compete to provide better services to customers. As they say, competition in 
a market is always good for customers. Add customer demand to this. Today’s customer expects to engage their utility provider for other reasons, not just to 
report outages to the call center. Customers now want digital services such as: Status updates through social media Online bill payment Incentives and offers 
over self-service mobile channels In fact, customers want to be informed through all available communication channels, such as text, email, and social media. 
They no longer depend solely on utilities for their energy needs, because they can get their energy from non-utility companies too. For instance, some tech and 
automobile companies are also offering utility services to consumers like never before. Consumers can also generate electricity themselves by using solar 
panels and wind turbines. So, utilities aren’t only competing with non-utility companies but also customers to own the energy-customer relationship. Most of the 
earth’s population relies on electricity, gas, and water supply. For this reason, the opportunities to serve billions of customers with better and faster services are 
endless. Energy and Utilities Industry Outlook The global energy and utilities industry includes three major categories of natural resources: electricity, natural 
gas, and water. The industry is responsible for the safe, secure, reliable, and sustainable generation, transmission, and distribution of these resources. The key 
industry segments are: Generation Transmission and distribution Customer or retail Water distribution Natural gas transmission and distribution A power plant, 
solar panels, windmills, transmission tower, and a house. A value chain is the complete set of activities starting from energy generation, transmission, 
marketing, and finally distribution to retailers and customers. An efficient value chain creates economic value for customers, employees, and society at large. 
You need a robust distribution network to guarantee a stable supply of energy to customers. Energy production, marketing, and promotion are activities that are 
now open to competition. However, power distribution is still a cost-managed monopoly business in most parts of the world. Government-owned entities usually 
manage the power distribution business, which has a slightly different value chain compared to the privately managed ones. Renewable energy has been gaining 
momentum in the electricity industry as the infrastructure and logistics for generating electricity from renewable sources become cheaper and more accessible. 
Renewable energy uses naturally replenished sources, such as the sun, wind, water, the earth’s heat, and plants. Renewable energy plays an important role in the 
world’s energy security and in reducing greenhouse gas emissions. The energy and utilities industry faces several challenges, such as: New and more stringent 
regulations Nuclear vulnerability in some countries Security-related issues around the transport of raw materials To grow in these conditions, companies must 
digitally transform, reorganize, and change their action plans. This means investing in new technologies and methodologies, including information analytics. Key 
Industry Terms Before you move on, learn about the common industry terms. Click each term to learn more. Summary In this unit, you learned about the energy 
and utilities industry in general and the various industry segments. You also discovered the key terms used in the energy and utilities industry. In the next unit, 
you learn about the various types of utility, energy, and waste companies in detail. Resources External Site: A Short History of Energy Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/the-energy-and-utilities-industries/434f49fb94ae8d24407b3de26e31f186_badge.png The 
Energy and Utilities Industries 100% Progress: 100% View more modules Skip to main content The Energy and Utilities Industries Explore Types of Utility, 
Energy, and Waste Companies Time Estimate About 10 mins Topics Learning Objectives Utilities Basics Types of Utility, Energy, and Waste Companies Summary 
Challenge +25 points Get help with this badge Provide feedback for this badge Explore Types of Utility, Energy, and Waste Companies Learning Objectives After 
completing this unit, you’ll be able to: Identify the different types of utilities. Describe the types of utility, energy, and waste companies. Utilities Basics Take a 
look at the three types of utility products and how utility companies work to produce the products and transport them to customers. Electricity Electricity starts 
with generation. Traditional power generators are utilities that produce electricity from fossil, nuclear, and renewable energy sources. This image shows the 
electricity production and distribution process. The electricity production and distribution process. After power is generated, it’s often transformed from low to 
high voltage, so that transmission lines can efficiently carry it over long distances. When power nears its final destination, distribution transformers convert high- 
voltage power back to low voltage and deliver it to customers at end usage points. Some large commercial and industrial customers draw power directly from 
transmission lines. In some markets, customers create their own power using distributed energy resources (DER) systems. DERs are small-scale power 
generation or storage systems located close to where the electricity is used, such as in a home or business. Energy retailers, also called vertically integrated 
utilities depending on the market, sell electricity to customers. Some customers generate and store their electricity on-site with photovoltaic (PV) solar panels, 
electric vehicles (EV), and microgrids. They can also sell their energy back to utilities. Gas Natural gas is a nonrenewable hydrocarbon gas used as a source of 
energy for heating, cooking, and electricity generation. The natural gas production journey involves several complex stages. First, companies extract fossil fuels 
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and biofuels. Next, they process the fuels using odorification, compression, metering, and finally liquefaction. Lastly, companies sell the processed gas to the 
commodity market. This image shows the production and distribution process of natural gas. The natural gas production and distribution process. Transmission 
networks move high-pressure gas to large industrial customers, gas-powered electricity generators, or storage. Storage facilities hold the gas reserves. 
Distribution companies receive gas from transmission companies and deliver it to their customers. Depending on the market, distribution companies sometimes 
operate as a regulated monopoly or a competitive retail company. In a competitive gas market, retailers and gas suppliers sometimes purchase gas from the 
distributors and pay them to ship it to the customer's premises. Water In this image, observe how water is sourced and distributed to customers. The image also 
shows how utilities collect wastewater from customers and send it for treatment. The water-sourcing and distribution process. Utilities source water from rivers 
and reservoirs, water-treatment plants, and service reservoirs by abstraction and treatment. They store the treated water in storage facilities before transporting 
it to customers. Similar to gas, in a deregulated water market, a retailer or utility company purchases water from the distributor and pays them to ship it through 
a clean water network for household or commercial consumption. The retailer has contracts with the customer and is responsible for billing water consumption 
and waste discharge. Wastewater is sent back into the system through a wastewater network for treatment and storage at sewage or sludge-treatment facilities. 
Types of Utility, Energy, and Waste Companies Now that you know more about how utilities function, examine the players that serve the utility service needs of 
customers. This section focuses on the electricity industry, but the gas and water industries have similar counterparts. Power Generation, Transmission, and 
Distribution Companies Power generation, transmission, and distribution companies specialize in creating, transmitting, and distributing energy and utilities. A 
power plant, electricity transmission tower, electricity distribution pole, and a transformer. Power generation companies generate electric power from primary 
sources of energy, such as solar, wind, nuclear, coal, oil, and natural gas. For utilities in the electric power industry, power generation is the stage before storage 
or delivery to customers through transmission, distribution, and so forth. Transmission companies specialize in the bulk movement of electrical energy from a 
generating site to an electrical substation. At this point, distribution companies take over using interconnected lines known as a transmission network. The 
combined transmission and distribution network is commonly known as the Grid in North America and the National Grid in the United Kingdom, India, Tanzania, 
Myanmar, Malaysia, and New Zealand. Transmission companies are often combined with or serve as distribution companies. Distribution companies deliver 
electric power by carrying electricity from the transmission system to individual customers. Distribution substations connect to the high-voltage transmission 
system and use transformers to lower the transmission voltage to medium voltage ranging between 2 kV and 35 kV. Electric Suppliers and Retailers Electric 
suppliers and retailers are companies that buy electricity from the commodity market and sell it to customers. In many countries, the electricity market has been 
deregulated to open up the supply of electricity to competition. The role of electricity retailing has changed from administrative in integrated utilities to revenue- 
generation and risk-management in today’s competitive electricity market. Electricity retailers now offer their customers fixed or variable prices for electricity 
and manage the risk involved in purchasing electricity from spot markets or electricity pools. In a deregulated market, also called a competitive or liberalized 
energy market, customers can: Choose from several competing electricity suppliers. Purchase electricity sourced from renewable energy sources, such as wind 
or solar. Buy other related products and services. Electric Cooperatives Electric cooperatives (co-ops), are private, nonprofit utility businesses owned by the 
customers they serve. Co-ops provide at-cost electric service and are governed by an elected board of directors. The two types of cooperatives include 
distribution cooperatives and generation and transmission (G&T) cooperatives. Distribution cooperatives deliver electricity to their member-owners. G&Ts 
provide wholesale power to distribution co-ops through their own generation or by purchasing power on behalf of the distribution members. Co-ops are typically 
established in rural areas that don’t have an investor-owned or municipal utility nearby to supply electric power. Examples of electric cooperatives include Great 
Lakes Energy Cooperative in Michigan and Dixie Power in Utah. Energy Services Companies Energy services companies (ESCOs) design, develop, build, and 
arrange financing for projects that save energy, reduce energy costs, and decrease operations and maintenance costs at their customers’ facilities. In general, 
ESCOs act as project developers for a comprehensive range of energy conservation measures (ECMs) and assume the technical and performance risks 
associated with a project. Investor-Owned Utilities Investor-owned utilities (IOUs) are privately owned electricity and natural gas providers that aim to produce a 
return for investors. |OUs distribute profits to stockholders or reinvest the profits. A public utilities commission regulates and sets the rate with some customer 
participation. IOUs purchase power through contracts and also have their own generation facilities. They’re the largest type of electric utility and have a complex 
mix of customers. Examples of lOUs include FirstEnergy in Ohio and Pacific Gas & Electric in California. Public Utilities Public or municipality-owned utilities are 
nonprofit local government agencies. They provide services to communities that recover costs and earn additional returns. Public utilities use the returns to 
invest in new facilities. Locally elected officials or public employees manage public utilities. Public utilities can return excess funds to customers through 
reduced rates, community contributions, and increased operational efficiencies. The utility governing body or city council sets the rates. Public utilities operate 
their own generation facilities or buy power through contracts. Examples of public utilities include Breckenridge Public Utilities in Minnesota and Burlington 
Electric Department in Vermont. Summary In this unit, you learned about the different types of utility products and how utility companies produce and distribute 
their products. You also got to know that many types of utility companies operate worldwide, including investor-owned, municipality-owned, and cooperatives. 
These companies strive to meet the energy, gas, water, and waste needs of communities. In the next unit, you learn how these companies operate within their 
markets. Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/the-energy-and-utilities- 
industries/434f49fb94ae8d24407b3de26e31f186_badge.png The Energy and Utilities Industries 100% Progress: 100% View more modules Skip to main content 
The Energy and Utilities Industries Discover Market Models and Their Impact on Utilities Time Estimate About 10 mins Topics Learning Objectives Types of 
Global Utility Market Models Challenges Facing Utilities Key Business Units and Processes Summary Resources Challenge +25 points Get help with this badge 
Provide feedback for this badge Discover Market Models and Their Impact on Utilities Learning Objectives After completing this unit, you'll be able to: Explain the 
different types of global utility market models. Discuss the challenges that utilities face today. Describe the impact of processes required by key business units. 
Types of Global Utility Market Models Energy markets across the world are in the middle of a revolution, triggered by decarbonization and fueled by innovation. 
Some countries have introduced energy deregulation and competition into energy markets, which has led to the creation of new types of energy markets. Here’s 
a look at some of the globally recognized energy market models. Regulated A stamp and document symbol. Utility companies in regulated markets, often called 
vertically integrated utilities, must show a return on investment or a benefit for the money they spend. In a regulated market, the utility companies own the 
infrastructure, which includes electric transmission lines and all the associated equipment, such as power poles, power lines, and transformers. These utility 
companies often generate or purchase electricity and sell it to customers. Regulated with Competition A stamp, document, and people symbol. Utilities in a 
regulated competitive market are similar to regulated utilities, but they face some level of energy supplier competition. This type of market model often caters to 
the customer base with higher usage or demand. Some regulated markets support a level of energy supplier competition. Utilities in regulated markets are often 
considered vertically integrated, which means they have a monopoly over the sale of power to their customers. But in many regions, utilities offer limited choices 
for some customer segments. Examples of such regions in the US include California, Georgia, Michigan, Nevada, Oregon, and Virginia. Sometimes residential 
customers buy power from the community or renewable-energy suppliers. In many cases, commercial and industrial (C&l) customers with high usage and 
demand buy power from energy suppliers that can meet their operational budgets and sustainability goals with clean energy. Transitioning A book with forward 
arrow transition symbol. Transitioning markets are now open to full-scale competition. However, these markets haven’t fully separated or unbundled all of the 
existing entities of the previously regulated market. Entities include generation, transmission, distribution, and retail. Competitive A document and people 
symbol. Competitive markets are also known as deregulated energy markets. In a competitive market, utility companies own and maintain the transmission 
infrastructure and distribute electricity, while other companies compete to supply and sell electricity and gas to customers. In a deregulated market, vertically 
integrated companies are split into multiple independent companies that focus on a specific aspect of the market. For example, a single vertically integrated 
utility company is split into generation, transmission and distribution, and energy supply companies, though this varies between markets. Additionally, services 
such as meter asset management and meter ownership are sometimes split into separate companies. The goals of energy deregulation typically include breaking 
up monopolies and encouraging energy supplier competition. This gives customers more options and encourages price competition. A successful deregulated 
market has some churn because customers mostly shop for competitive rates and offers that fit their needs and lifestyles. Challenges Facing Utilities The energy 
and utilities industries face many obstacles due to the current business environment. Consolidation is creating an increasing need to integrate, merge, and 
reconcile business-support systems. Here’s an overview of the industry environment and the challenges it presents. Deregulation Around the world, countries 
have introduced energy deregulation and competition into energy markets to democratize the energy and utilities industry and provide customers with choices. 
The more competitive a market, the more pressure on utilities to gain and retain customers. Deregulation: Increases customer choice and energy supplier 
competition to encourage competitive energy pricing. Unbundles generation, transmission, distribution, supply, and customer service. Helps break up 
monopolies over the end-to-end elements of electricity, gas, and water supply. Aging Infrastructure and Workforce Along with competitive pressure, the energy 
and utilities sector is at an inflection point. Aging infrastructure needs replacement, and a new generation is entering the workforce. In addition to the physical 
infrastructure, aging and inflexible customer information systems (CIS) and billing systems can no longer handle the data and security requirements of changing 
markets. Retail Competition’s Effect on Energy Rates Competitive markets lead to price competition, and the commercial and industrial segments benefit the 
most. Even customers using default services provided by utilities in competitive regions still benefit from competitive markets, because competition leads to 
more choices. Climate Change and Environmental Responsibility Everybody's talking about climate change. The implementation of energy savings and efficiency 
measures, and the use of renewable energies, are constantly increasing. That’s why utility companies must rethink their strategies and shift their operations to 
reach greater levels of environmental stewardship and protection. When it comes to finding new ways to generate energy through sustainable processes, it’s 
now or never. Furthermore, energy sustainability measures open the door to major economic benefits. Sustainability measures can help generate mass amounts 
of information with valuable consumption and generation data to bring down costs. Digital Transformation Digital adoption and rapid technological change are 
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forcing utilities to rethink their current business models, including how they work and the services they provide. To achieve greater sustainability and higher 
energy savings, utilities have to implement digitization strategies that facilitate the design, implementation, and operation of new sustainable technologies in 
which customers play a starring role. Customers expect to have a more fluid and personalized experience. What’s more, they want more information, with 
detailed data on their rates and consumption. Utilities must make their strategies customer-centric and digitize their processes and tools. Key Business Units 
and Processes The rules of the energy industry are changing as utilities embrace new technologies and customers gain more control over products. Examine 
some of the impacts of changes to business processes on customers and key business units. An owl constructing a house. Accounting Rules Changes: 
Information Services Often, utilities in regulated markets are unable to capitalize on the money they spend on services in the same way that they can for capital 
equipment. Because regulated markets lack competition, utilities haven’t prioritized information services, such as cloud-computing solutions to support their 
business processes. However, this is changing as some utilities acknowledge the benefits provided by software as a service (SaaS). Utility Rules Changes: Who 
Creates Energy? Now customers really do have power, their own power. With rooftop solar, electric vehicles, batteries, and microgrids, customers can sell their 
power back to the grid. They can also get paid by utilities to reduce their consumption or use stored energy when grid capacity is strained. Distributed energy 
resources are a consideration and even a concern for grid operators who fear the impact of losing customers. But, if utilities and customers are aligned, 
distributed energy resources can work to the advantage of both utilities and customers to: Regulate the flow of electricity. Transition to cleaner energy. Keep the 
grid safe and secure. Reduce energy costs. Grid Changes: Moving to Multidirectional Grid evolution is driving the need for cloud platforms because as the 
energy grid becomes more distributed and multidirectional, the enterprise platforms required to manage this flow of data and transactions must adapt. In the 
past, power flowed one way, and the system was focused on safe, reliable, and affordable power. New and disruptive innovations, such as distributed energy 
resources, are changing this. Power now flows two ways. Energy can be mobile and the computing needs to manage everything are far greater. New digital 
energy cloud platforms, such as Salesforce, are filling that need. Summary In this unit, you learned about the various utility market models. You also learned 
about the challenges faced by utilities and the impact of industry transformation on business units and processes. In the next unit, you learn about the common 
utility services and the key energy units of measure. Resources External Site: Advanced Energy Perspective: How Much Do You Know About Your Electric 
Utility? External Site: 6 Main Challenges in Utility Sector External Site: The Utilities Industry Is At the Center of a Massive Global Shift Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/the-energy-and-utilities-industries/434f49fb94ae8d24407b3de26e31f186_badge.png The 
Energy and Utilities Industries 100% Progress: 100% View more modules Skip to main content The Energy and Utilities Industries Learn Common Utility 
Processes, Services, and Units of Measure Time Estimate About 10 mins Topics Learning Objectives Common Energy and Utilities Service Processes Common 
Customer Notifications Energy Product Measurements Summary Resources Challenge +25 points Get help with this badge Provide feedback for this badge 
Learn Common Utility Processes, Services, and Units of Measure Learning Objectives After completing this unit, you'll be able to: Explain the common utility 
service processes. Describe the common customer notifications. Describe the energy and utilities units of measure. Define the pricing and quoting terms for 
various energy and utility commodities. Common Energy and Utilities Service Processes Apart from delivering energy products to customers, utilities also 
provide additional services to make customers’ service experience better. Here are the most common energy and utilities service processes for business-to- 
business (B2B) and business-to-consumer (B2C) customers. Examples of energy and utility services provided to the customers. Manage Communication 
Preferences and Services With so many channels of communication available, good customer service tailors the communication method to customer 
preferences. Whether it’s incoming or outgoing communications, utilities must manage their customer communications efficiently so that customers get what 
they need in a way that’s convenient for them. People and businesses move and change. Customer service agents communicate regularly with individuals who 
are moving to a different house and need their service changed. Agents also work with businesses that plan to move to a different location. Customers who own 
multiple properties need to organize their utilities efficiently. Easy access to real-time information and customer service are important to property managers. New 
Programs and Energy Services New programs and energy services are exciting topics for many customers and a chance for companies to build relationships. 
They share information with customers about new programs, such as solar, electric vehicles, batteries, and related offers and rebates. Bill Inquiry and Payment 
Assistance Customers sometimes call to ask questions about their bill or to submit a meter reading, but this need not be the end of the conversation. With the 
right tools, customer service agents can use this time to build a relationship with the customer. This includes suggesting ways for the customer to save or 
manage energy, which can help them save money. Customer service agents also reach out to customers about payments and sometimes about nonpayment of 
bills. This can lead to conversations about payment and collections assistance. Service Outage, Safety, and Service Callout Service outage and safety issue 
notifications are two-way communications. Customers can report a service outage or safety issue, and utilities can communicate a planned or unplanned service 
outage or safety issue to customers through several channels. When an equipment malfunctions, companies dispatch workers to the site to make repairs. 
Service can be planned or unplanned, and utilities inform the customers about any potential outages and expected restoration times. New Rates and 
Construction Whether fixed or variable, rates change from time to time. New rates and rate changes are sometimes available by choice or mandate. Customer 
service agents regularly reach out to customers about changes and rate choices through calls and digital channels. A lot goes on at new construction sites and 
not just for the general contractor. Utilities carry out many different actions at new construction sites, which they manage on a schedule to avoid disruptions in 
construction. Common Customer Notifications Now that you know the various common customer service tasks, it’s time to learn more about the common 
customer notifications. Examples of the service notifications that customers expect from utilities. Account Activation and Deactivation Services Customers 
sometimes move in and out of a utility’s service area, and they occasionally switch to a competitor as well. With current trends, it’s more common than ever for 
customers to contact their utilities to add, switch, and deactivate service. Welcome Communications When a new customer joins a utility service, it’s important 
to start the customer relationship with a communication to welcome them onboard. Examples include welcome calls, gifts, and emails. Electronic Fund Transfer 
Confirmations With identity theft on the rise, many customers are setting up regular notifications through their banks. Offering customers the option to set up 
electronic funds transfer (EFT) confirmations with the utilities helps build customer trust. Payment Reminders and Overdue Notices With busy schedules, 
sometimes customers overlook or forget to pay their bills. They like reminders to help them avoid additional fees and hits to their credit scores. Rate Change 
Notifications and Tariff Notices While this type of notification is sometimes mandated, utility customers on variable rates run their businesses to maximize output 
and minimize costs. So, it’s important to know the rates at all times. Some rates vary in price by time of day or usage, and customers want to know when they 
cross a threshold into a higher rate or price. Outage or Restoration Notifications Regardless of whether you service individual customers or businesses, it’s 
important for everyone experiencing an outage to know when repairs are underway and when service is restored. Often, outage notices include an estimated time 
of restoration. Crew Mobilization Notices Whenever there’s a service disruption, it’s important to notify customers. Companies must also notify all crew members 
to mobilize and restore service. Mobilization notices alert crews when they must repair damage or perform services. Customer Satisfaction Surveys As with any 
type of customer, utility customers don’t always share when they’re unhappy. So, it’s important to reach out to customers occasionally, to determine their level of 
satisfaction and improvement areas. Energy Product Measurements Guess what utility companies do before selling their commodities? If you said measure and 
price their products, you get a gold star. Learn about some of the primary energy units of measure and pricing terms. An energy meter. Electricity Units of 
Measure An energy unit used for electrical power, particularly for utility bills, is the kilowatt-hour (kWh), with one kilowatt-hour equivalent to 3.6 megajoules. 
Electricity usage is measured in units of kilowatt-hours per year or another time period. This is a measurement of average power consumption, meaning the 
average rate at which energy is transferred. One kilowatt-hour per year is about 0.11 watts. Natural Gas Units of Measure Natural gas is often sold in units of 
energy content or by volume. The most commonly used units of measure for gas are gas cubic feet or meters. Ccf or one hundred cubic feet and Mcf or one 
thousand cubic feet are used to measure large volumes of natural gas. Water, Wastewater, and Waste Units of Measure Water and wastewater are measured in 
gallons, cubic feet or meters, or centum cubic feet (CCF). Waste charges can be measured by weight or volume in skips, bins, dumpsters, or other containers, 
depending on the content of the waste. Energy and Utilities Pricing and Quoting Terms Energy and utility companies employ usage pricing extensively. The four 
subtypes of pricing include unit rate, standing charge, interval pricing, and Flex pricing. Summary In this unit, you learned how utilities communicate with their 
customers and how customer expectations are changing rapidly. You got to know about some of the common notifications that utilities send to their customers. 
In the end, you also learned about the various energy units of measure and pricing terms. In the next unit, you learn about the transformative shifts in the energy 
market and the impact of distributed energy resources and demand-side management. Resources Salesforce Help: Common Energy & Utility Units of Measure 
Salesforce Help: Energy and Utilities Pricing and Quoting Terms Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/the-energy-and-utilities-industries/434f49fb94ae8d24407b3de26e31f186_badge.png The 
Energy and Utilities Industries 100% Progress: 100% View more modules Skip to main content The Energy and Utilities Industries Explore Market Pressures and 
Transformative Shifts Time Estimate About 10 mins Topics Learning Objectives The Four Ds of Energy Transformation What’s Driving Digital Transformation? 
Impact of Distributed Energy Resources Impact of Demand-Side Management Summary Want to Learn More? Resources Challenge +25 points Get help with this 
badge Provide feedback for this badge Explore Market Pressures and Transformative Shifts Learning Objectives After completing this unit, you'll be able to: 
Define the four Ds of energy transformation. Explain the factors driving digital transformation for energy and utility companies. Describe the impact of distributed 
energy resources and demand-side management on the energy market. The Four Ds of Energy Transformation Transformative shifts are taking place in the 
energy and utilities industries, including deregulation, decentralization, and distributed energy resources (DER). Moreover, decarbonization, digitalization, and 
demand-side management are intensifying the shift. Energy transformation is defined by four Ds: decarbonization, deregulation, digitalization, and 
decentralization. Here’s a closer look at each of these processes. Decarbonization The carbon dioxide formula with arrows pointing downward. Decarbonization 
is the move to cleaner energy and conservation behavior. This move changes the technologies used to generate power, such as wind and solar. In turn, the 
changes impact the infrastructure of the business as well as the products available to customers. Types of products resulting from decarbonization include green 
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energy and renewable-based products. As a result, these changes affect customer-facing sales and service opportunities. Deregulation A scissor cutting a 
ribbon. Deregulated markets are moving away from verticalized utilities. Thanks to this shift, new market models are emerging in which nontraditional energy 
companies can now own the energy-customer relationship. As a result, traditional utility companies need new products and systems to support existing products 
and compete successfully. This means increased demands on their systems. Digitalization A document with an arrow pointing to a laptop screen. Digitalization 
includes using the cloud, Internet of Things (loT), and big data to build smarter, more responsive grids, with an additional focus on customer behavior. 
Customers are now used to the sophisticated digital services offered in other industries and expect the same from their utility companies. You learn more about 
digital transformation later in this unit. Decentralization A circle with arrows going outward and pointing to smaller circles. With more on-site customer 
generation and distributed energy resources, such as solar power, EVs, microgrids, and battery storage, customers have more choice and power over the grid 
than ever. While this seems positive for customers, it places a new and increased burden on keeping a utility’s infrastructure safe, as the utility no longer owns, 
maintains, or physically controls all the energy resources that are now part of its energy grid. What’s Driving Digital Transformation? As the energy industry 
evolves, customer expectations and utility innovations become increasingly varied. Take a look at some of the questions utilities ask as they try to meet the 
demands of the new-age energy industry. Customer Expectations and Value As a utility company, how do | keep up? How do | personalize my products and 
communications for my vastly diverse customer base? How do | meet the customers where they want to be and anticipate their needs? How do | provide true 
value to my customers? Digital-First, Work-from-Anywhere, Real-Time How do | deliver a digital-first experience for my customers and employees, connecting 
them from anywhere? Can | be agile enough? Can | generate insights and enable actions in real time that are valuable to my customers and that support our 
business objectives? Disruptive Regulatory and Technology Change How will the industry landscape look in a competitive market, with new distributed, 
democratized, and decarbonized energy programs? How do | use loT, smart devices, meters, and VPPs or networks to maximize grid, customer, and business 
value? What’s my place in new energy market models? Salesforce solutions support all types of utility market models across the globe and are flexible enough to 
meet the different expectations and innovations of each market. Impact of Distributed Energy Resources DERs are electrical generation and storage facilities that 
consist of a variety of small, grid-connected, or distribution-system-connected devices. Distributed generation and storage enable the collection of energy from 
many sources, lower environmental impacts, and improve the security of supply. A windmill, solar panel, and battery. Conventional power stations, such as coal- 
fired and gas stations, nuclear-powered plants, hydroelectric dams, and large-scale solar power stations, are centralized and often transmit electric energy over 
long distances. In contrast to conventional power stations, DER systems are decentralized, modular, and use flexible technologies that are located close to the 
load they serve. However, DERs have capacities of only 10 megawatts (MW) or less. Multiple generation and storage components can form these systems, which 
are sometimes referred to as hybrid power systems. DER systems typically use renewable energy sources, such as hydro, biomass, biogas, sun, wind, and 
geothermal. DERs play an important role in the electric power distribution system as the energy industry moves towards renewable energy. Grid-Connected 
Devices A grid-connected device for electricity storage can also be classified as a DER system and is called a distributed energy storage system (DESS). DER 
systems can be managed and coordinated in a smart grid through an interface. Microgrids Microgrids are modern, localized, small-scale grids, as opposed to the 
traditional, centralized electricity grid or macrogrid. DERs can be the components of a microgrid. Think of a microgrid as a small, standalone grid, capable of 
meeting the energy needs of a defined area, such as a community or an area of several city blocks. To be self-sufficient in the provision of energy, a microgrid 
needs one or more sources of energy. In the past, a microgrid has included resources such as a diesel generator, but with technological advances, resources 
now include DERs, such as solar or wind. On a larger scale, microgrids also add efficient batteries to the mix to store energy. Microgrids can disconnect from the 
centralized grid and operate autonomously, strengthen grid resilience, and help mitigate grid disturbances. They’re typically low-voltage AC grids that use diesel 
generators and are installed by the community they serve. Microgrids nowadays employ a mixture of different DERs, such as solar hybrid power systems, which 
significantly reduce carbon emissions. Impact of Demand-Side Management Demand-side management (DSM) is a group of actions designed to efficiently 
manage a site’s energy consumption to cut the costs incurred for the supply of electrical energy. Costs arise from grid charges and general system charges, 
including taxes. One way utilities can meet the demand on the grid is to reduce demand from the customer side by influencing customer consumption. The 
energy you save is measured in negawatts. No, it's not a joke. A negawatt is a hypothetical unit of power for measuring the amount of energy saved due to 
efficient energy consumption. A negawatt is the cheapest electron because it’s the one you don't use. Utilities use conservation or energy-efficiency programs to 
help customers commit to using little or no energy during certain peak times, which allows the utility company to keep reserve power plants shut down. Without 
these programs, utilities often fire up reserve plants to meet customer demand. For instance, when all of the air conditioners switch on at the same time in a Los 
Angeles heat wave. DSM optimization aims to achieve savings in electricity charges by modifying features of electricity consumption related to the: Overall 
consumption picture Consumption time profile Contractual supply parameters, including contractual power and grid connection parameters As a result of the 
high penetration of renewable sources and the decentralization of production sources, grid managers in many countries now see increased instability on the grid 
and consequent disruptions to services. Grid Services Grid managers can use generation and consumption systems that offer grid services to limit the impact of 
service disruptions and ensure a balance between energy consumption and the amount of power fed into the grid. To engage in demand-side management, the 
first requirement is to carry out an in-depth analysis of onsite consumption. This involves assessing the unique requirements of each site and whether utilities 
can optimize the consumption habits of customers. Whenever a change in habit is unfeasible or simply insufficient to achieve the desired cost reductions, 
utilities can evaluate these on-site installation elements. Battery energy storage systems (BESS) Renewable source systems, such as solar panels and wind 
turbines Cogeneration systems Summary Congratulations! In this module, you learned about the energy industry, the types of utility services, and the utility 
companies that provide those services. You gained an overview of the various energy markets and their impacts on utility companies. You also learned about the 
energy and utilities industry terms, units of measure, and pricing methods. And finally, you explored the challenges the energy and utilities industry is facing and 
how the industry is transforming in the evolving business environment. Want to Learn More? If you’re a Salesforce customer, check out the following learning 
journeys to find out how to skill up on our amazing suite of digital transformation tools and industry applications. Energy & Utilities Cloud Consultant Energy & 
Utilities Cloud Developer If you’re a Salesforce partner, you can find the same great learning plus additional partner resources on Partner Learning Camp (login 
required). #AlwaysBeLearning Resources External Site: What’s a Negawatt? Salesforce Site: Energy & Utilities Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/the-energy-and-utilities-industries/434f49fb94ae8d24407b3de26e31f186_badge.png The 
Energy and Utilities Industries 100% Progress: 100% View more modules Skip to main content Artificial Intelligence Fundamentals Get Started with Artificial 
Intelligence Time Estimate About 10 mins Topics Learning Objectives Trailcast Time to Get Fluent in Al The Difficulty of Defining Al Main Types of Al Capabilities 
Numeric Predictions Classifications Robotic Navigation Language Processing In Summary Resources Challenge +100 points Get help with this badge Provide 
feedback for this badge Get Started with Artificial Intelligence Learning Objectives After completing this unit, you’ll be able to: Explain the importance of 
understanding fundamental concepts of artificial intelligence. Identify the challenges that make defining artificial intelligence difficult. Describe the types of tasks 
artificial intelligence can perform. Define the term artificial intelligence. Trailcast If you'd like to listen to an audio recording of this module, please use the player 
below. When you’re finished listening to this recording, remember to come back to each unit, check out the resources, and complete the associated 
assessments. Time to Get Fluent in Al Artificial intelligence (Al) has been a dream of many storytellers and sci-fi fans for years. But for a long time most people 
hadn’t given Al much serious thought because it was always something that might happen far into the future. Well, researchers and computer scientists haven’t 
been waiting for tomorrow to arrive, they’ve been working hard to make the dream of Al into a reality. In fact, some have said we’ve already entered the Age of Al. 
A closeup of a person sitting at a typewriter, drawn in the style of fun 2D vector artwork. The scene is in a university classroom, there’s a blackboard in the 
background with a sketch of a neural network. In the foreground is a college student typing on computer, drawn in the style of fun 2D vector artwork.” [Al- 
generated images using DreamStudio at stability.ai. The first uses the prompt, “A closeup of a person sitting at a typewriter, drawn in the style of fun 2D vector 
artwork.” The second uses the prompt, “The scene is in a university classroom, there’s a blackboard in the background with a sketch of a neural network. In the 
foreground is a college student typing on computer, drawn in the style of fun 2D vector artwork.”] It’s unclear just how deeply Al will become part of our daily 
lives. But what is certain is that for us to have meaningful conversations about Al, we need a shared vocabulary and a solid foundation of core concepts to build 
upon. As it stands, if you ask 10 people to define artificial intelligence, you’re likely to get 10 different answers. In this badge we try to reach an agreed-upon 
definition by exploring Al’s current capabilities. We also investigate how computer scientists create the Al systems that perform such incredible feats. The 
Difficulty of Defining Al The first step in defining Al is to recognize that our current notion of Al might be a little distorted. A steady diet of science fiction books 
and movies where Al is seen as a nefarious entity bent on conquering the world hasn’t helped. Science fiction isn’t the only thing that’s complicated our view of 
Al. Generally speaking, we humans tend to think quite highly of ourselves; the benchmark by which everything else is measured. So when we speak of artificial 
intelligence, we can’t help but to compare it to our own intelligence. The problem is that humans aren’t the only intelligent beings out there. Animals, from crows 
to octopuses, use tools and problem solving to perform complex tasks. Even slime molds can solve mazes if given enough time. And as we’ve begun to 
appreciate the huge spectrum of intelligence in the animal kingdom, we’ve also started to recognize the great diversity in our own human intelligence. Maybe 
you’ve met someone who’s fantastic at public speaking but can’t do math to save their life. Or someone who can always tell when you’re feeling a little anxious, 
but would trip over a soccer ball at the first opportunity. The point is that our intelligence is expressed in many, specialized forms. We need to think of artificial 
intelligence in the same way. There are specific kinds of Al that are good at specific kinds of tasks. So let’s bring some definition to what we mean by artificial 
intelligence by taking a close look at what Al can do today. Main Types of Al Capabilities Right now there’s no singular Al that’s good at everything. That idea, 
known as general Al, is still far into the future. Instead, over the years we’ve developed several specialized Al systems that are designed to perform specific 
tasks. The kinds of tasks they do generally fall into one of a few broader categories. Numeric Predictions Have you looked at a weather forecast recently? 
Predicting rain or shine helps you decide if you should grab an umbrella. Although we’ve made weather predictions for thousands of years, Al can do it better 
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than any previous method. A good prediction can help you answer all sorts of questions. Is this customer likely to renew their subscription? Are you at risk for a 
medical condition? Will there be high demand on the power grid this evening? Often Al predictions take the form of a value between 0 (not going to happen) to 1 
(totally going to happen). Numeric predictions include more than just percent values, they can predict any numeric value, such as dollars. Maybe your business 
wants to predict next quarter’s sales, or figure out the optimal pricing for your latest service: Widget+. And as a consumer you’re probably already affected by 
these kinds of numeric predictions, even more than you realize. Just imagine a trip overseas: the airline tickets, hotel room, ridesharing, and travelers insurance 
are all likely to be priced by Al to perfectly balance supply and demand. Skip to main content Artificial Intelligence Fundamentals Turn Data into Models Time 
Estimate About 10 mins Topics Learning Objectives Trailcast The Trick Behind the Magic The Shift from Crafting to Training Experience Required Use the Right 
Data for the Right Job Challenge +25 points Get help with this badge Provide feedback for this badge Turn Data into Models Learning Objectives After completing 
this unit, you’ll be able to: Explain differences between hand-coded algorithms and trained models. Define machine learning and how it relates to Al. Distinguish 
between structured and unstructured data, and how it affects training. Trailcast If you'd like to listen to an audio recording of this module, please use the player 
below. When you’re finished listening to this recording, remember to come back to each unit, check out the resources, and complete the associated 
assessments. The Trick Behind the Magic What Al can do may seem like magic. And like magic, it’s natural to want a peek behind the curtain to see how it’s all 
done. What you'll find is that computer scientists and researchers are using lots of data, math, and processing power in place of mirrors and misdirection. 
Learning how AI actually works will help you use it to its fullest potential, while avoiding pitfalls due to its limitations. The Shift from Crafting to Training For 
decades, programmers have written code that takes an input, processes it using a set of rules, and returns an output. For example, here’s how to find the average 
from a set of numbers. Input: 5, 8, 2, 9 Process: Add the values [5 + 8 + 2 + 9] then divide by the number of inputs [4] Output: 6 This simple set of rules for turning 
an input into an output is an example of an algorithm. Algorithms have been written to perform some pretty sophisticated tasks. But some tasks have so many 
rules (and exceptions) that it’s impossible to capture them all in a hand-crafted algorithm. Swimming is a good example of a task that is hard to encapsulate as a 
set of rules. You might get some advice before jumping in the pool, but you only really figure out what works once you’re trying to keep your head above water. 
Some things are learned best by experience. What if we could train a computer in the same way? Not by tossing it into a pool, but by letting it figure out what 
works to succeed at a task? But just like learning to swim is very different from learning to speak a foreign language, the kind of training depends on the task. 
Let’s check out a few of the ways AI is trained. Experience Required Imagine that every time you went to the store to pick up milk, you tracked details of the trip in 
a spreadsheet. It’s a little weird, but go with it. You set up the following columns. Is it the weekend? Time of day Is it raining or not? Distance to store Total 
minutes of trip After several trips you start getting a feel for how conditions affect how long it’ll take. Like, rain makes the drive longer, but it also means fewer 
people are shopping. Your brain makes connections between the inputs (weekend [W], time [T], raining [R], distance [D]) and the output (minutes [M]). Diagram of 
inputs [W, T, R, D But how can we get a computer to notice trends in the data so it can estimate too? One way is the guess-and-check method. Here’s how you do 
it. Step 1: Assign all of your inputs a “weight.” This is a number that represents how strongly an input should affect the output. It’s OK to start with the same 
weight for everything. Step 2: Use the weights with your existing data (and some clever math we won't get into here) to estimate the minutes for a milk run. We 
can compare the estimate to the historic data. It'll be way off, but that’s OK. Step 3: Let the computer guess a new weight for each input, making some a little 
more important than others. For example, the time of day might be more important than whether or not it’s raining. Step 4: Rerun the calculations to check if the 
new weights result in a better estimate. If so, it means the weights are a better fit, and changing in the right direction. Step 5: Repeat steps 3 and 4, letting the 
computer tweak weights until its estimates aren’t getting any better. At this point the computer has settled on weights for each input. If you think of weight as how 
strongly an input is connected to the output, you can make a diagram that uses line-thickness to represent the weight of a connection. Diagram of input nodes 
connected to an output. For this example it looks like the time of day has the strongest connection, but apparently rain doesn’t make much of a difference. This 
process of guess-and-check has created a model of our milk runs. And like a model boat, we can take it to the pool to see if it floats, so to speak. That means 
testing it in the real world. So for your next several milk runs, before you leave, have the model estimate how long it’ll take. If it’s right enough times in a row, you 
can confidently let it do the estimating for every future trip. A robot is at a workbench putting together the pieces of a small model sailboat. The picture is drawn 
in 2D vector art style. [Al-generated image using DreamStudio at stability.ai with the prompt, “A robot is at a workbench putting together the pieces of a small 
model sailboat. The picture is drawn in 2D vector art style.”] Use the Right Data for the Right Job This is a very simple example of using training to make an Al 
model, but it touches on some important ideas. First, it’s an example of machine learning (ML), which is the process of using large amounts of data to train a 
model to make predictions, instead of handcrafting an algorithm. Second, not all data is the same. In our milk run example, the spreadsheet is what we would call 
structured data. It is well organized, with labels on every column so you know the significance of every cell. In contrast, unstructured data would be something 
like a news article, or an unlabeled image file. The kind of data that you have available will affect what kind of training you can do. Third, the structured data from 
our spreadsheet lets computers do supervised learning. It’s considered supervised because we can make sure every piece of input data has a matching, 
expected output that we can verify. Conversely, unstructured data is used for unsupervised learning, which is when Al tries to find connections in the data without 
really knowing what it’s looking for. Letting the computer figure out a single weight for each input is just one kind of training regimen. But often interconnected 
systems are more complicated than what 1-to-1 weighting can represent. Thankfully, as you learn in the next unit, there are other ways to train! Quiz Complete! 
+25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/artificial-intelligence- 
fundamentals/14877ba5a7b474ed9bd9e431c889fb16_badge.png Artificial Intelligence Fundamentals 100% Progress: 100% View more modules Skip to main 
content Artificial Intelligence Fundamentals Understand the Need for Neural Networks Time Estimate About 10 mins Topics Learning Objectives Trailcast The 
Need for Neural Networks Adding Complexity to Neural Networks More Than Mental Math, It’s Neural Network Math Wrap Up Resources Challenge +25 points Get 
help with this badge Provide feedback for this badge Understand the Need for Neural Networks Learning Objectives After completing this unit, you'll be able to: 
Explain the limitation of Al models that only consider the weight inputs. Describe the role of neural networks in machine learning. Define the major components 
of neural networks. Describe how complexity is added to neural networks, and define deep learning. Explain how it’s impossible to interpret the weights and 
biases determined through training. Trailcast If you'd like to listen to an audio recording of this module, please use the player below. When you’re finished 
listening to this recording, remember to come back to each unit, check out the resources, and complete the associated assessments. The Need for Neural 
Networks No conversation about Al is complete without mentioning neural networks. Neural networks are important tools for training Al models, so it’s good to 
have some idea of what they are. But before we get into the details, let’s first discuss why we need neural networks in the first place. In the previous unit, you 
learned that we can train an Al model by letting it guess-and-check the importance-weight of each input. But the milk run example was actually overly simplified. 
Our model would give us pretty rough estimates. To understand why, let’s consider two scenarios. It’s raining on a Tuesday evening. You’d rather not get wet, so 
you (and many others like you) decide shopping can wait until tomorrow. In this scenario, rain is a significant factor. It’s raining on Saturday afternoon. For many 
people, this is the only time of week when they can go shopping. So the store will be busy, rain or shine. In this scenario, rain doesn’t make much difference. The 
problem is that our original model can only assign one weight to rain, but we know it’s more complicated than that. There is a solution, though, and it starts by 
representing the two scenarios in two separate graphs. Again, line thickness shows importance. In the first, “weekend” and “time” are weak, while “rain” is 
strong. For the second, “weekend” is strong, while “time” and “rain” is weak. Two diagrams, each connecting “weekend,” “time,” and “rain” to separate 
estimates. (gray, blue, yellow) We know these two scenarios are significant because we’re smart and have experience buying milk. But a computer just starting to 
learn about milk runs doesn’t know anything yet! It has to consider many scenarios: weekend-evening-rain, weekday-morning-shine, and so forth. Instead of two 
graphs, eight might better represent the kinds of scenarios you encounter. Eight very similar graphs, each have three nodes connected to one. That’s a lot of very 
similar graphs. Since the three inputs always represent “weekend,” “time,” and “rain,” you can overlap them. If you move the outputs so they aren’t touching, 
you get a combined graph that looks like this. A graph with three nodes on one side, and eight on the other. Every node is connected with a line. The importance 
of each scenario depends on the specific inputs. But knowing the importance is only half the battle. Each scenario needs to affect the final estimate in its own 
way. For example, the weekend-afternoon-shine milk run should take much longer. So let’s give it an adjustment of +5. When we do the math to calculate an 
estimate, it results in a larger number. While we're at it, let’s give the weekday-morning-rain scenario an adjustment of -4 since we know milk runs are shortest at 
that time. Each scenario gets its own adjustment, which is what we call a bias. In this case, bias is a good thing because it helps us get a more accurate estimate. 
Let’s redraw our graph to include the bias of each scenario. A graph with three nodes on one side, and eight on the other, each with its own positive or negative 
number. Every node is connected with a line. So what do we do with these eight scenarios and their biases? Using some more clever math, we can combine 
them into a final estimate. Some scenarios should contribute more than others, so you guessed it, we need more weights! We can update our graph to show how 
the scenarios connect to the final estimate with different strengths. A graph with three nodes on the left side, eight in the middle, and one on the right. Lines 
connect left to middle, and middle to right. This is our new model. More connections will hopefully mean better estimates. This web of connections, guided by 
weights and biases, is an example of a neural network. We call it that because the connections, forged by experience (data), resemble how the neurons in a brain 
are connected. And while scenario is a good beginner word for describing a unique combination of factors, we should really use the word node for that concept. 
It’s what Al experts use, so moving forward we'll use it too. Adding Complexity to Neural Networks Our new milk run model is a pretty basic example of a neural 
network. In practice, they can get quite complex. Let’s explore some of the ways researchers set up neural networks to get better results for specific tasks. First, 
you might be wondering why we chose eight nodes to stand between our inputs and output. There’s actually some flexibility in that number. We know that having 
no nodes at all will give us rough estimates. In the same way, having too few might not capture all of the nuance of the system we’re trying to model. But having 
too many nodes is a problem, too. We don’t want to make the computer do more calculations than necessary. So there’s a sweet spot for the number of nodes 
where we get good results for the least effort. Choosing the right number is part of designing a good neural network. There’s something else we can do to make 
artificial neural networks more like our own, organic ones. It has to do with how our minds often leap from idea to idea to find connections between two things 
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that are not obviously related. Some of the most brilliant insights are the result of several leaps. So, what if we could make a neural network that could make 
more leaps, too? We can! We do it by adding more nodes as layers, connecting each node to its neighbor. Diagram of a neural network with two layers of nodes 
between inputs and outputs. Training Al by adding extra layers to find hidden meaning in data is what’s called deep learning. Thanks to an abundance of 
computing power, many neural networks are designed to have multiple layers. Again, the best number of layers is a balance between the number of calculations 
required and the quality of results they produce. More Than Mental Math, It’s Neural Network Math So, about those calculations. Up to this point we’ve glossed 
over the math part of training neural networks. That’s for a few reasons. First, the math can get really complicated, really fast. For example, here’s a snippet of a 
research paper about neural networks. Screenshot of a highly technical research paper about neural networks Yeah, it’s intense! Second, the exact math is going 
to depend on what kind of task you’re training the neural network to do. Third, each new research paper updates the math as we learn what works better at 
training different models. So, designing a neural network involves choosing the number of nodes, layers, and the appropriate math for the task it’s training for. 
With the model architecture ready, you have to let the computer use all that fancy math to do its guess-and-check routine. Eventually it'll figure out the best 
weights and biases to give good estimates. And this brings us to something that’s a little unsettling about artificial neural networks. Imagine a skilled talent scout 
who’s looking for the next great baseball player. “I'll Know him when | see him,” they might say. They can’t explain how they’ll know, they just will. In the same 
way, our neural network can’t explain why certain factors are important. Sure, we can look at the values attached to each weight and bias, but the relevance of a 
number that’s the result of a connection of a connection of a connection will be lost to us. So just like how the mind of the talent scout is a black box, so is our 
neural network. Because we don’t observe the layers between the input and output, they’re referred to as hidden layers. Wrap Up To summarize, neural networks 
are a mix of nodes, layers, weights, biases, and a bunch of math. Together they mimic our own organic neural networks. Each neural network is carefully tuned 
for a specific task. Maybe it’s great at predicting rain, maybe it categorizes plants, or maybe it keeps your car centered in the lane on the highway. Whatever the 
task, neural networks are a big part of what makes Al seem magical. And now you know a little bit about how the trick is done. Resources Trailhead: Responsible 
Creation of Artificial Intelligence Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/artificial-intelligence- 
fundamentals/14877ba5a7b474ed9bd9e431c889fb16_badge.png Artificial Intelligence Fundamentals 100% Progress: 100% View more modules A closeup of a 
friendly robot driving a taxi, in the style of flat 2D line art. [Al-generated image using DreamStudio at stability.ai with the prompt, “A closeup of a friendly robot 
driving a taxi, in the style of flat 2D line art.”] Classifications Is a hot dog a sandwich? This question has led to countless hours of friendly philosophical debate 
about how we categorize things. But in the real world, the stakes can be much higher. Is this plant edible or poisonous? Is that email legitimate or a phishing 
attempt? Classification is often the first step in taking some kind of action, making it an incredibly valuable skill. So it isn’t surprising that computer scientists 
have worked hard to create Al that’s good at classifying data. Identifying plants and phishing emails is only the tip of the iceberg. Financial institutions need to 
flag fraudulent transactions. Medical professionals must diagnose illnesses. Social media platforms want to identify toxic comments. All of these are examples of 
classification problems. Al can effectively make the first pass at classifying, and then the professionals can take it from there. Often, Al classifiers can do the job 
just as well, or better, than humans. That said, each classifier is only good at one, narrow task. So the Al that’s great at detecting phishing emails would be lousy 
at identifying pictures of actual fish. Robotic Navigation Some Als excel at navigating a changing environment, and that might mean actual navigation in the case 
of autonomous (hands-free) driving. Al-powered cars are already quite capable of keeping centered in a lane and following at a safe distance on the highway. 
They adapt to curves in the road, gusts of wind from semi trucks, and sudden stops due to traffic. Al that can adapt to changing environmental conditions have all 
sorts of real-world applications. For example, businesses need to produce and deliver products to their customers every day. Lots of market conditions play a 
role in how quickly that gets done: materials availability, manufacturing capacity, existing inventory, transportation costs, even real-time traffic. Al can optimize 
the supply chain even while conditions are changing. And let’s not forget robots! Even the modest robot floor sweeper can avoid stairs and chairs. On a bigger 
scale, assembly lines are being fitted with robots that become faster and more efficient over time. Those same robots can adjust for changes to the production 
method without costly reprogramming. And researchers are creating rescue robots that can traverse disaster areas, such as a collapsed building. A robot- 
caterpillar that can squeeze through tiny cracks could deliver aid and hope to those trapped inside. Language Processing On November 30, 2022, Merriam- 
Webster’s word of the day was quiddity. Those who learned that word got a little better at what might be the most important skill of all: communication. On that 
same day, the world was introduced to ChatGPT, an artificial intelligence that demonstrated its own communication skills. It could write long responses to 
questions about almost any topic. And the responses seemed like they were written by a human. ChatGPT is one of the most capable Als built to interpret 
everyday language and act on it in some meaningful way. This is known in the industry as natural language processing, or just NLP. Natural language processing 
relies on an understanding of how words are used together, and that lets Al extract the intention behind the words. For example, you might want to translate a 
document from English to German. Or maybe you want a short summary of a long, scientific paper. Al can do that too. NLP is a huge part of generative Al, a 
subcategory of Al that takes words and turns them into unique images, sounds, and of course other words. Generative Al is such a disruptive technology that 
we’ve devoted a whole badge to Generative Al Basics. Check it out when you’re done here. In Summary Artificial intelligence can be thought of as the ability for a 
computer to perform skills typically associated with human intuition, inference, and reasoning. At this time, Al skills are very specialized, and fall into some 
broad categories like numeric predictions and language processing. Now that you have a sense of what Al is (and isn’t), you’re ready to explore how computer 
scientists and researchers create Al. Resources Trailhead: Generative Al Basics Trailhead: Natural Language Processing Basics Salesforce Help: Einstein 
Generative Al Glossary of Terms Salesforce Help: Einstein Generative Al Quiz Complete! +100 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/artificial-intelligence-fundamentals/14877ba5a7b474ed9bd9e431c889fb16_badge.png 
Artificial Intelligence Fundamentals 100% Progress: 100% View more modules Skip to main content Workflow Automation for Service: Quick Look Streamline 
Customer Service with Automation Grow your business with Salesforce Starter Deepen customer relationships with sales, service, and marketing in one app. 
Time Estimate About 10 mins Topics Learning Objectives What’s Automation for Service? Improve Customer Service with Automation Features You Can Use to 
Automate Customer Service Resources Challenge +25 points Get help with this badge Provide feedback for this badge Streamline Customer Service with 
Automation Learning Objectives After completing this unit, you’ll be able to: Explain how automation makes your entire service team more efficient and your 
customers happier. Describe how to map business problems to automation solutions. List Service Cloud features you can use to automate service tasks. What’s 
Automation for Service? Customer service is about providing a smooth and simple journey that meets each customer’s needs. It often takes many steps, agents, 
and systems to complete that journey. Automation helps to streamline the process. For example, what if you could automate a repetitive task, like entering 
customer details only once and having them show up wherever they’re needed across the company? This process saves time for the customer and service team 
while ensuring accuracy. Likewise, automating complex processes across your entire business ensures that your team has the tools they need when customers 
are sent to the next stage in their journey. Here’s a quick video overview of the service experience. While you watch it, think about how this service journey is 
automated and ways you could adapt it to your business. Improve Customer Service with Automation Let’s see how you can implement automation to solve 
common service scenarios. Business Challenge Solution Result Agents don’t have access to the data they need to help customers. Create a 360-degree view of 
the customer that’s shared across teams and integrated from any third-party system. Increased customer satisfaction and faster average handle time for calls. 
Complicated business processes are hard to coordinate across teams. Use workflows and real-time collaboration tools to connect teams so they can swarm 
more efficiently and resolve issues faster. Faster resolution of complicated cases. Agents struggle to manage a high volume of cases. Use Al to triage cases with 
machine learning, assist agents with actionable insights, and move the process forward with recommendations. Increase agent productivity and first-call 
resolution. Customers don't have convenient options to resolve issues on their own. Create a workflow once and embed it in self-service portals or surface it in 
chat and messaging channels via a chatbot so customers can self-serve. Scale your support by deflecting cases and lowering the cost to serve each customer. 
Your company has had a few big service disruptions and customers didn’t get the latest information and support they needed. Set up Incident Management to 
track disruptions and delegate tasks to the right experts in a crisis. Turn disruptions into a positive experience where customers feel supported and build loyalty. 
Features You Can Use to Automate Customer Service Here’s a snapshot of a few features that help service teams automate processes to improve the customer 
service experience. Salesforce Einstein 1: Use this platform to meet your customers on every channel. It provides a single source of truth for customer data that 
is available throughout your organization. Data from Anywhere: Use Salesforce Connect to integrate data from multiple sources. Mulesoft Anypoint Platform’s 
powerful APIs connect data sources programmatically. MuleSoft Composer’s library of connectors and templates connect data sources without code. Salesforce 
Flow and Flow Builder: Create automated flows to guide agents using drag-and-drop builders that contain out-of-the-box templates and reusable building blocks. 
Einstein for Service: Work smarter with Salesforce’s powerful Al. Einstein Case Classification pre-fills case fields for agents to review. Einstein Case Routing 
sends cases to the best agent or queue. Einstein Article Recommendations suggests the most relevant knowledge article to agents working on cases. Einstein 
Next Best Action provides contextual, real-time recommendations. Einstein Bots automates common questions or processes and collects case details for a 
seamless agent handoff. Check out this quick look for more great ways to use Einstein to solve your thorniest problems. Incident Management: Fix service 
disruptions and communicate resolutions quickly to everyone who needs to know. Now that you’ve seen how to improve each customer’s journey while 
increasing your efficiency, are you ready to get started with Service Cloud automation? Resources Salesforce blog post: 4 Must-Have Capabilities for Customer 
Service Automation Salesforce blog post: Start Your Customer Service Automation Process with These 5 Questions Salesforce blog post: Before You Automate, 
Create a Customer Service Process Map — Here’s How Salesforce blog post: You’ve Automated Your Customer Service Process — What’s Next? Quiz Complete! 
+25 points Workflow Automation for Service: Quick Look 100% Progress: 100% View more modules Skip to main content Natural Language Processing Basics 
Get to Know Natural Language Processing Time Estimate About 10 mins Topics Learning Objectives Before You Start What Is Natural Language Processing? A 
Very Brief History of NLP Human Language Is “Natural” Language Natural Language Understanding and Natural Language Generation Resources Challenge +25 
points Get help with this badge Provide feedback for this badge Get to Know Natural Language Processing Learning Objectives After completing this unit, you’ll 
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be able to: Describe natural language processing. Discuss everyday uses of natural language processing. Explain how it has evolved since the 1950s. 
Differentiate between natural language processing, natural language understanding, and natural language generation. Before You Start This badge contains 
terms like neural networks and deep learning that are described in detail in the Artificial Intelligence Fundamentals and Generative Al Basics badges. We 
recommend that you earn those badges first. What Is Natural Language Processing? Natural language processing (NLP), is a field of artificial intelligence (Al) that 
combines computer science and linguistics to give computers the ability to understand, interpret, and generate human language in a way that’s meaningful and 
useful to humans. NLP helps computers perform useful tasks like understanding the meaning of sentences, recognizing important details in text, translating 
languages, answering questions, summarizing text, and generating responses that resemble human responses. NLP is already so commonplace in our everyday 
lives that we usually don’t even think about it when we interact with it or when it does something for us. For example, maybe your email or document creation 
app automatically suggests a word or phrase you could use next. You may ask a virtual assistant, like Siri, to remind you to water your plants on Tuesdays. Or 
you might ask Alexa to tell you details about the last big earthquake in Chile for your daughter’s science project. The chatbots you engage with when you contact 
a company’s customer service use NLP, and so does the translation app you use to help you order a meal in a different country. Spam detection, your online 
news preferences, and so much more rely on NLP. A Very Brief History of NLP It’s worth mentioning that NLP is not new. In fact, its roots wind back to the 1950s 
when researchers began using computers to understand and generate human language. One of the first notable contributions to NLP was the Turing Test. 
Developed by Alan Turing, this test measures a machine’s ability to answer any question in a way that’s indistinguishable from a human. Shortly after that, the 
first machine translation systems were developed. These were sentence- and phrase-based language translation experiments that didn’t progress very far 
because they relied on very specific patterns of language, like predefined phrases or sentences. A 1950s mainframe-style computer being operated by a 
computer scientist. By the 1960s, researchers were experimenting with rule-based systems that allowed users to ask the computer to complete tasks or have 
conversations. The 1970s and 80s saw more sophisticated knowledge-based approaches using linguistic rules, rule-based reasoning, and domain knowledge for 
tasks like executing commands and diagnosing medical conditions. Statistical approaches (i.e., learning from data) to NLP were popular in the 1990s and early 
2000s, leading to advances in speech recognition, machine translation, and machine algorithms. During this period, the introduction of the World Wide Web in 
1993 made vast amounts of text-based data readily available for NLP research. A stack of papers and books. Since about 2009, neural networks and deep 
learning have dominated NLP research and development. NLP areas of translation and natural language generation, including the recently introduced ChatGPT, 
have vastly improved and continue to evolve rapidly. Note Note: For more information about these and other important NLP advances, check out the Resources 
section. Human Language Is “Natural” Language What is natural language anyway? Natural language refers to the way humans communicate with each other 
using words and sentences. It’s the language we use in conversations, when we read, write, or listen. Natural language is the way we convey information, 
express ideas, ask questions, tell stories, and engage with each other. While NLP models are being developed for many different human languages, this module 
focuses on NLP in the English language. If you completed the Artificial Intelligence Fundamentals badge, you learned about unstructured data and structured 
data. These are important terms in NLP, too. Natural language-the way we actually speak—is unstructured data, meaning that while we humans can usually derive 
meaning from it, it doesn’t provide a computer with the right kind of detail to make sense of it. The following paragraph about an adoptable shelter dog is an 
example of unstructured data. Tala is a 5-year-old spayed, 65-pound female husky who loves to play in the park and take long hikes. She is very gentle with young 
children and is great with cats. This blue-eyed sweetheart has a long gray and white coat that will need regular brushing. You can schedule a time to meet Tala by 
calling the Troutdale shelter. For a computer to understand what we mean, this information needs to be well-defined and organized, similar to what you might find 
in a spreadsheet or a database. This is called structured data. The information included in structured data and how the data is formatted is ultimately determined 
by algorithms used by the desired end application. For example, data for a translation app is structured differently than data for a chatbot. Here’s how the data in 
the paragraph above might look as structured data for an app that can help match dogs with potential adopters. Name: Tala Age: 5 Spayed or Neutered: Spayed 
Sex: Female Breed: Husky Weight: 65 Ibs. Color: Gray and white Eye color: Blue Good with children: Yes Good with cats: Yes Favorite activities: Parks, hikes 
Location: Troutdale Natural Language Understanding and Natural Language Generation Today’s NLP matured with its two subfields, natural language 
understanding (NLU) and natural language generation (NLG). Data processed from unstructured to structured is called natural language understanding (NLU). 
NLU uses many techniques to interpret written or spoken language to understand the meaning and context behind it. You learn about these techniques in the next 
unit. Data processed the reverse way-from structured to unstructured-is called natural language generation (NLG). NLG is what enables computers to generate 
human-like language. NLG involves the development of algorithms and models that convert structured data or information into meaningful, contextually 
appropriate, natural-like text or speech. It also includes the generation of code in a programming language, such as generating a Python function for sorting 
strings. In the past, NLU and NLG tasks made use of explicit linguistic structured representations like parse trees. While NLU and NLG are still critical to NLP 
today, most of the apps, tools, and virtual assistants we communicate with have evolved to use deep learning or neural networks to perform tasks from end-to- 
end. For instance, a neural machine translation system may translate a sentence from, say, Chinese, directly into English without explicitly creating any kind of 
intermediate structure. Neural networks recognize patterns, words, and phrases to make language processing exponentially faster and more contextually 
accurate. In the next unit, you learn more about our natural language methods and techniques that enable computers to make sense of what we say and respond 
accordingly. Resources Help: Einstein Generative Al Glossary of Terms IBM Technology Video: What is NLP (Natural Language Processing)? IBM Technology 
Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/natural-language-processing- 
basics/1fa539ec8d8cb8df1379f1729d511c7b_badge.png Natural Language Processing Basics 100% Progress: 100% View more modules Skip to main content 
Natural Language Processing Basics Learn About Natural Language Parsing Time Estimate About 10 mins Topics Learning Objectives Basic Elements of Natural 
Language Parsing Natural Language Semantic Analysis Summary Resources Challenge +25 points Get help with this badge Provide feedback for this badge 
Learn About Natural Language Parsing Learning Objectives After completing this unit, you’ll be able to: Discuss the basic elements of natural language. Describe 
several important techniques used when parsing natural language. Explain how sentiment, intent, and context analysis contribute to NLP. Basic Elements of 
Natural Language Understanding and processing natural language is a fundamental challenge for computers. That's because it involves not only recognizing 
individual words, but also comprehending their relationships, their context, and their meaning. Our natural language, in text and speech, is characterized by 
endless complexity, nuances, ambiguity, and mistakes. In our everyday communication, we encounter words with several meanings; words that sound the same 
but are spelled differently and have different meanings; misplaced modifiers; misspellings; and mispronunciations. We also encounter people who speak fast, 
mumble, or who take forever to get to the point; and people who use speech patterns in accents or dialects that are different from ours. Take this sentence for 
example: “We saw six bison on vacation in Yellowstone National Park.” You might giggle a little as you imagine six bison in hats and sunglasses posing for 
selfies in front of Old Faithful. But, most likely, you understand what actually happened-that is, that someone who was on vacation in Yellowstone National Park 
saw six bison. Or this: “They swam out to the buoy.” If you heard someone speak this sentence without any context, you may think the people involved swam out 
to a male child, when in fact, they swam out to a marker in the water. The pronunciation of “boy” and “buoy” is slightly different, but the enunciation is not always 
made clear. While humans are able to flex and adapt to language fairly easily, training a computer to consider these kinds of nuances is quite difficult. Elements 
of natural language in English include: Vocabulary: The words we use Grammar: The rules governing sentence structure Syntax: How words are combined to 
form sentences according to grammar Semantics: The meaning of words, phrases, and sentences Pragmatics: The context and intent behind cultural or 
geographic language use Discourse and dialogue: Units larger than a single phrase or sentence, including documents and conversations Phonetics and 
phonology: The sounds we make when we communicate Morphology: How parts of words can be combined or uncombined to make new words Parsing Natural 
Language Teaching a computer to read and derive meaning from words is a bit like teaching a child to read—they both learn to recognize words, their sounds, 
meaning, and pronunciation. But when a child learns to read, they usually have the advantage of context from a story; visual cues from illustrations; and 
relationships to things they already know, like trees or animals. They also often get assistance and encouragement from experienced readers, who help explain 
what they’re learning. These cues help new readers identify and attach meaning to words and phrases that they can generalize to other things they read in the 
future. Natural Language Processing robot pointing to symbols of tasks it can process: lists, information, customer service, spam detection. We know that 
computers are a different kind of smart, so while a computer needs to understand the elements of natural language described above, the approach needs to be 
much more scientific. NLP uses algorithms and methods like large language models (LLMs), statistical models, machine learning, deep learning, and rule-based 
systems to process and analyze text. These techniques, called parsing, involve breaking down text or speech into smaller parts to classify them for NLP. Parsing 
includes syntactic parsing, where elements of natural language are analyzed to identify the underlying grammatical structure, and semantic parsing which 
derives meaning. As mentioned in the last unit, natural language is parsed in different ways to match intended outcomes. For example, natural language that’s 
parsed for a translation app uses different algorithms or models and is parsed differently than natural language intended for a virtual assistant like Alexa. 
Syntactic parsing may include: Segmentation: Larger texts are divided into smaller, meaningful chunks. Segmentation usually occurs at the end of sentences at 
punctuation marks to help organize text for further analysis. Tokenization: Sentences are split into individual words, called tokens. In the English language, 
tokenization is a fairly straightforward task because words are usually broken up by spaces. In languages like Thai or Chinese, tokenization is much more 
complicated and relies heavily on an understanding of vocabulary and morphology to accurately tokenize language. Stemming: Words are reduced to their root 
form, or stem. For example breaking, breaks, or unbreakable are all reduced to break. Stemming helps to reduce the variations of word forms, but, depending on 
context, it may not lead to the most accurate stem. Look at these two examples that use stemming: “I’m going outside to rake leaves.” Stem = leave “He always 
leaves the key in the lock.” Stem = leave Lemmatization: Similar to stemming, lemmatization reduces words to their root, but takes the part of speech into 
account to arrive at a much more valid root word, or lemma. Here are the same two examples using lemmatization: “I’m going outside to rake leaves.” Lemma = 
leaf “He always leaves the key in the lock.” Lemma = leave Part of speech tagging: Assigns grammatical labels or tags to each word based on its part of speech, 
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such as a noun, adjective, verb, and so on. Part of speech tagging is an important function in NLP because it helps computers understand the syntax of a 
sentence. Named entity recognition (NER): Uses algorithms to identify and classify named entities—like people, dates, places, organizations, and so on-in text to 
help with tasks like answering questions and information extraction. Semantic Analysis Parsing natural language using some or all of the steps we just described 
does a pretty good job of capturing the meaning of text or speech. But it lacks soft skill nuances that make human language, well, human. Semantic parsing 
involves analyzing the grammatical format of sentences and relationships between words and phrases to find the meaning representation. Extracting how people 
feel, why they are engaging, and details about circumstances surrounding an interaction all play a crucial role in accurately deciphering text or speech and 
forming an appropriate response. Here are several common analysis techniques that are used in NLP. Each of these techniques can be powered by a number of 
different algorithms to get the desired level of understanding depending on the specific task and the complexity of the analysis. Sentiment analysis: Involves 
determining whether a piece of text (such as a sentence, a social media post, a review, or a tweet) expresses a positive, negative, or neutral sentiment. A 
sentiment is a feeling or an attitude toward something. For example, sentiment analysis can determine if this customer review of a service is positive or negative: 
"| had to wait a very long time for my haircut.” Sentiment helps identify and classify emotions or opinions in text to help businesses understand how people feel 
about their products, services, or experiences. A happy-looking woman with a speech bubble that says, “This is my favorite pizza, ever!” and a grumpy-looking 
man with a speech bubble that says, “I’m still waiting for my haircut.” Intent analysis: Intent helps us understand what someone wants or means based on what 
they say or write. It’s like deciphering the purpose or intention behind their words. For example, if someone types, “I can’t log in to my account,” into a customer 
support chatbot, intent analysis would recognize that the person’s intent is to get help to access their account. The chatbot might reply with details about 
resetting a password or other means the user can try to access their account. Virtual assistants, customer support systems, or chatbots often use intent analysis 
to understand user requests and provide appropriate responses or actions. Context (discourse) analysis: Natural language relies heavily on context. The 
interpretation of a statement might change based on the situation, the details provided, and any shared understanding that exists between the people 
communicating. Context analysis involves understanding this surrounding information to make sense of a piece of text. For example, if someone says, “They had 
a ball,” context analysis can determine if they are talking about a fancy dance party, a piece of sports equipment, or a whole lot of fun. It does this by considering 
the previous conversation or the topic being discussed. Context analysis helps NLP systems interpret words more accurately by taking into account the broader 
context, the relationships between words, and other relevant information. These three analysis techniques—sentiment analysis, intent analysis, and context 
analysis—play important roles in extracting valuable insights from text and speech data. They create a more sophisticated and accurate understanding and 
engagement with textual content in various applications of NLP. Summary In this module, you’ve learned about NLP at a very high level, and as it relates to the 
English language. To-date, the majority of NLP study is conducted using English, but you can also find a great deal of research done in Spanish, French, Farsi, 
Urdu, Chinese, and Arabic. NLP is a very rapidly evolving field of Al. And advancements in NLP are quickly leading to more sophisticated language 
understanding, cross-language capabilities, and integration with other Al fields. Resources Simplilearn: Natural Language Processing in 5 Minutes External Link: 
TechTarget: natural language processing (NLP) External Link: WeAreBrain: Rule-based Al vs machine learning: What’s the difference? Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/natural-language-processing-basics/1fa539ec8d8cb8df1379f1729d511c7b_badge.png 
Natural Language Processing Basics 100% Progress: 100% View more modules Skip to main content Machine Learning Predictions: Quick Look Explore 
Machine Learning Predictions Time Estimate About 5 mins Topics Learning Objectives Unlock the Power of Your Data Inject Machine Learning into Your 
Business Benefit from Machine Learning, No Data Science Experience Required Resources Challenge +50 points Get help with this badge Provide feedback for 
this badge Explore Machine Learning Predictions Learning Objectives After completing this unit, you’ll be able to: Understand what machine learning can do for 
your CRM data. Identify ways to use machine learning predictions. Unlock the Power of Your Data Today, trillions of gigabytes of data exist. And as a company in 
the age of artificial intelligence (Al), the data you possess can predict future outcomes and drive decision-making. But according to the Salesforce Untapped Data 
Research, most companies aren’t harnessing the power of their data’s potential even though four out of five (80%) business leaders say data is critical to 
decision-making. Using a type of Al called machine learning (ML), you can transform historical data into predictive insights. This is known as predictive Al, which 
is different from generative Al. Predictive Al informs, using existing data to discover something new about the data. For example, predictive Al estimates the 
likelihood of attrition or fraud. Generative Al assists, using existing data to create new data similar to what already exists. For example, generative Al creates new 
text and images. To learn more about predictive vs generative Al, check out the Discover Al Techniques and Applications unit in Data Fundamentals for Al. Inject 
Machine Learning into Your Business Predictive insights from machine learning enable business users to make better decisions, faster. Use predictive Al from 
machine learning to drive innovation, efficiency, and strategic decision-making across your organization. Here are some of the top use cases for predictive 
insights (but there are plenty more). Team Use Case Sales Increase conversion Improve win probability Decrease time to close Increase repeat business Increase 
lifetime value Impact of discount Predict expected revenue Intelligent white space Cross-sell Service Likelihood of escalation Risk of churn Increase CSAT/NPS 
Reduce handle time Finance Forecasting revenue Reduce late payments Increase invoice fulfillments Maximize margins Reduce cost Reduce attrition Reduce 
compliance risk Predict long- term value (LTV) Analytics Classify data Score data Human Resources Personalize benefits Improve team productivity Reduce 
attrition Score leads Likelihood to hire Improve candidate targets Identify top performers Marketing Improve media spend Increase advertising ROI Detect market 
shift Increase conversion Operations Improve inventory management Improve network utilization Increase on-time delivery Reduce cost Optimize resources 
Likelihood to adopt Benefit from Machine Learning, No Data Science Experience Required You don’t need to be a data scientist to leverage machine learning. 
While data scientists are often involved in training and refining ML models, the insights from the model are meant for the business users. According to the 
Harvard Business Review, data scientists struggle to communicate the value of ML insights and cite “results not used by decision makers” as one of the top 
challenges. Adding ML to Salesforce bridges the gap between data scientists and the business. In Salesforce, users can make decisions and take actions on the 
ML insights, without having to read a data science report. You can transform historical data into meaningful insights for your organization using Einstein. 
Einstein Studio: Use the ML-powered insights in Data Cloud with Connected Models data science teams already built by connecting to it and bringing the model’s 
insights into Salesforce. You can leave the model where it is (like AWS SageMaker), and leverage its ML-powered insights within Salesforce. Einstein Discovery: 
Build your own ML model from the ground up in CRM Analytics, with Einstein’s guidance. Rely on Einstein to walk you through building, training, evaluating, and 
activating an ML model in Data Cloud. Now you understand what machine learning can do for your data, and can identify ways your organization can benefit from 
ML-powered predictions. Resources External Site: Data Science and the Art of Persuasion Trailhead: Data + Al + CRM: Quick Look Trailhead: Data Fundamentals 
for Al Trailhead: Artificial Intelligence Fundamentals Trailhead: Innovate with Machine Learning (Data Innovation with Google Cloud) Trailhead: Einstein Discovery 
Basics Quiz Complete! +50 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/machine-learning-predictions-quick- 

look/9891fb7937 10ba984f258f68d1be4923_badge.png Machine Learning Predictions: Quick Look 100% Progress: 100% View more modules Skip to main content 
Google Analytics 360 Integration for Sales Cloud Get Started with the Analytics 360 Integration for Sales Cloud Time Estimate About 5 mins Topics Learning 
Objectives Online and Offline, Sales and Marketing, Connecting the Dots What is Google Marketing Platform and what is Analytics 360? How Salesforce and 
Google Put It All Together Two Things You Need to Know Resources Challenge +50 points Get help with this badge Provide feedback for this badge Get Started 
with the Analytics 360 Integration for Sales Cloud Learning Objectives After completing this unit, you'll be able to: Explain what Google Analytics 360 is. Outline 
the values of the integration with Salesforce Sales Cloud. List the integration requirements to get started. Note This module was produced in collaboration with 
Google, which owns, supports, and maintains the Google products, services, and features described here. Use of Google products, services, and features is 
governed by privacy policies and service agreements maintained by Google. Note Universal Analytics 360 and the data sources it uses, universal properties 
(UA), are being sunset. Trailhead shall maintain these modules to support Trailblazers who continue to use these services until such time. We are hard at work 
developing content that supports the new Google Analytics 4 (GA4) integration. Online and Offline, Sales and Marketing, Connecting the Dots With customer 
touch points occurring across so many sources, it can be hard for marketing and sales teams to create a complete, accurate view of the customer story. It’s even 
harder when a large portion of the sales process occurs offline. Like chapters in a book, you need to have them all together for everything to make sense. When 
you have a complete view of the customer, you can understand how effective your marketing has been in delivering sales. You can improve the performance of 
your digital marketing by optimizing your bids or by focusing on the most valuable audiences. Sales teams can get even more targeted and relevant support to 
help them progress and close deals. The sales funnel has a combination of online interactions, such as site browsing, and offline interactions, such as marketing 
and sales qualification. What is Google Marketing Platform and what is Analytics 360? Google Marketing Platform is a unified advertising and analytics platform 
that helps enterprise marketers make better decisions faster. With Google Marketing Platform, you’re in control of your marketing, so you have the flexibility to 
adapt to the needs of your business and your customers. Google Analytics 360*, part of Google Marketing Platform, gives you the tools you need to better 
understand your customers. Use the insights you learn to take action, such as improving your website, creating tailored audience lists, and more. In addition to 
the features available in Google Analytics, Analytics 360 provides additional capabilities: Advanced Analysis Unsampled reports Google BigQuery export Data- 
driven attribution Native integrations with Google Marketing Platform Integrations with Salesforce *There is an annual license fee for Analytics 360 and 
Salesforce is an authorized reseller. How Salesforce and Google Put It All Together With the Sales Cloud and Google Analytics 360 integration, you can link your 
accounts and import your Sales Cloud data directly into Analytics 360 and get a more complete view of the entire customer story, whether it happens online, 
offline, or both. This will help you better optimize your digital marketing and bring more customers to your sales teams. This integration is designed to save time, 
get more valuable insights, help you optimize your media, and customize your marketing experiences for specific audiences. Save Time. Combining all of these 
offline and online insights used to be a time-consuming process involving multiple spreadsheets and disparate data. This integration helps you cut down on the 
wait time from importing offline conversion data and helps you stitch together these insights automatically, updating as often as hourly. Get More Insights. With 
Sales Cloud data in Analytics 360, you can see offline sales data alongside your site analytics and media data. For example, is organic search driving more phone 
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sales compared to paid search? With your offline sales data from Salesforce Sales Cloud in Analytics 360, you now have the insights to help you answer this 
question, and many more. Optimized Media for Better ROI. Optimize paid media based on offline sales activity. For example, once you’ve created Goals in 
Analytics 360 based on your Sales Cloud events, you can automatically optimize your search or display campaigns for actual sales that occur offline, instead of 
optimizing for form submissions on your site. This will likely lead to improved ROI as you spend your digital media budgets on more valuable outcomes. 
Intelligently Build Audiences. With Sales Cloud data in Analytics 360, you will be able to more intelligently build audiences based on the intersection of online and 
offline data. For instance, you can create audiences in Analytics 360 made up of qualified leads from Sales Cloud. You can then reach those customers with more 
relevant ads, including search ads, display ads, and video ads. Two Things You Need to Know There are two key requirements you should keep in mind if you are 
interested in using this integration. You must be a licensee of both Salesforce Sales Cloud and Analytics 360 in order to use this integration. This integration is 
only available to customers who have purchased Analytics 360. The integration supports sharing data from Sales Cloud Objects Leads and Opportunities. The 
Leads and Opportunities shared with Analytics 360 must have originated from an Analytics 360-tagged site for the integration to work, and the lead can be 
created either via an online lead form (native integration) or via a phone call (custom solution adding a call tracking solution). Note If your organization uses 
Custom Objects, you may have to use an alternative setup depending on how those Custom Objects are deployed. Please refer to Unit 3: Dive Into Some Use 
Cases and Examples and corresponding resources, or consult with your service provider for more details. Resources Connect online and offline insights with 
Google Analytics 360 + Salesforce Sales Cloud Google Marketing Platform Google Analytics 360 Integration for Marketing Cloud Engagement Quiz Complete! 
+50 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/google-analytics-360-sales- 
cloud/a7e47f4428e6da9f69b69e51f3da1466_badge.png Google Analytics 360 Integration for Sales Cloud 100% Progress: 100% View more modules Skip to main 
content Google Analytics 360 Integration for Sales Cloud Learn Setup and Administration Time Estimate About 5 mins Topics Learning Objectives What’s 
Required? Key Roles Permissions Create Custom Fields in Sales Cloud Adjust Your Lead Form Link Analytics 360 to Your Sales Cloud Account Select the 
Milestones to Import Set Import Frequency and Verify Setup Resources Challenge +25 points Get help with this badge Provide feedback for this badge Learn 
Setup and Administration Learning Objectives After completing this unit, you’ll be able to: Identify the key roles involved in integrating Sales Cloud and Analytics 
360. List the technical and administrative steps needed to complete the integration. In this unit, we review the technical steps required to integrate Sales Cloud 
and Analytics 360. The good news is that linking your Sales Cloud and Analytics 360 accounts is easy! What’s Required? You will need login and administrative 
access to both Analytics 360 and Sales Cloud, as you’ll need to both configure Sales Cloud to collect certain data and then Analytics 360 to map to and receive 
that data. Three people standing in a meeting room discussing integration. Key Roles While stakeholders may vary depending on company size and organization, 
there are typically 3 key roles needed to ensure a successful integration of Sales Cloud and Analytics 360: Analytics Lead and/or Admin. An Analytics 360 
Administrator is necessary to create a new data import from Sales Cloud and set up the new events within Analytics 360. This requires proper credentials within 
Analytics 360. CRM Lead and/or Admin. A Salesforce Administrator will need to set up the link with Analytics 360 and create the fields in Sales Cloud to store key 
data—Analytics Client ID (GACLID) and Google Analytics Tracking ID—in the Lead and Opportunity objects. Web Development Lead. A web developer is 
necessary to modify the lead collection form on your website and add the GACLID to the parameters passed to Sales Cloud upon lead submission. The size and 
complexity of your implementation will influence who is on the integration team. How your company is organized will also influence who is on the integration 
team. When you are organizing your team and considering who your stakeholders are, keep in mind, one of the main goals is to allow the marketing team and the 
sales team to work better together. Permissions The user performing the linking must be an Admin (have Edit permissions) for the Analytics 360 implementation. 
The Analytics 360 Sales Cloud Data Import requires access to several Salesforce fields, organized by object. A Sales Cloud user with System Administrator 
access likely has access to all necessary fields. Create Custom Fields in Sales Cloud Create three new custom fields where you will store the Google Analytics 
IDs in Sales Cloud. You can name these fields however you’d like. The names below provide examples. Once created, you select and map these fields at the Data 
Import configuration setup stage. Client ID: one with the Field Name, e.g., GACLIENTID User ID: (optional) another with the Field Name, e.g., GAUSERID Tracking 
ID: another one with the Field Name, e.g., GATRACKID These custom fields need to be created on both Lead and Opportunity objects and mapped between the 2 
objects so that once a lead is converted into an opportunity, these fields are copied over. Also, you should ensure that status and stages have history tracking on. 
Adjust Your Lead Form Adjust your lead form to pass the required information into Sales Cloud. Add ClientID as well as User ID (optional) into your lead form as 
new hidden input field(s). Add Tracking ID in your lead form as a new hidden input field with the value matching the Tracking ID for your site. Link Analytics 360 to 
Your Sales Cloud Account In this step, you'll link Analytics to your Salesforce Sales Cloud account by creating a new Data Import data set, and then by 
authorizing access to your Sales Cloud account. First, log in to your Google Analytics 360 account and navigate to Admin > Property, then click Data Import to 
Create a new Data Import Schema. Select the Salesforce type under CRM Data to import data about offline conversions from Sales Cloud. Name and save your 
Data Set. For example, Salesforce Offline Conversions. Create a new Sales Cloud authorization by naming the Credentials set to reuse later (for example, GA-SC) 
and click Access Salesforce.com to log in to your Sales Cloud account in the pop-up and complete the linking. The pop-up will automatically close upon 
successful login authentication and the linking will be completed. The Create Data Set screen with CRM Data section and the Continue button highlighted by a red 
box. Select the Milestones to Import In this step, you'll select the Salesforce lead and opportunity milestones to import. You'll also choose how often to import 
them. Select the Lead and/or Opportunity milestone(s) that you want to import as Events from your Sales Cloud account to Analytics 360. For example: Lead: 
Contacted Lead: Qualified Opportunity: Open / Proposal Opportunity: Closed / Won Opportunity: Closed / Lost You also have the option to import attribute and 
product data. Attribute data import allows you to import user attributes from custom fields and selected standard fields from your Salesforce Lead and 
Opportunity objects. This includes: Industry NumberOfEmployees Rating Scorelntelligenceld This step is highly recommended, as these attributes enable a wide 
variety of new audience targeting and analysis use cases. Set Import Frequency and Verify Setup You’re almost there! In this final step, you’ll first have the 
opportunity to define the frequency of data import—hourly is recommended. In the Analytics 360 UI, navigate to Admin > Property > Data Import and click 
Manage Uploads. In the Uploads for Salesforce Offline Conversions page, click More, then Fetch Now. This will attempt to upload your Sales Cloud data to 
Analytics. If the upload is successful, the Status column will show Completed. If an error occurs, the Status column shows Failed with a link to display more 
details. Resources About Importing Salesforce Sales Cloud Data Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/google-analytics-360-sales-cloud/a7e47f4428e6da9f69b69e51f3da1466_badge.png Google 
Analytics 360 Integration for Sales Cloud 100% Progress: 100% View more modules Skip to main content Google Analytics 360 Integration for Sales Cloud Dive 
Into Some Use Cases and Examples Time Estimate About 10 mins Topics Learning Objectives Visualize the Full Sales Funnel from Online to Offline Optimize 
Your Marketing Investment to Offline Goals Intelligently Build Audiences with Sales Cloud Data Learn How You Can Delight Your Customers Even More 
Resources Challenge +25 points Get help with this badge Provide feedback for this badge Dive Into Some Use Cases and Examples Learning Objectives After 
completing this unit, you’ll be able to: Describe several use cases for the Sales Cloud and Analytics 360 integration. Understand how data from Sales Cloud and 
Google Marketing Platform in Google Cloud can be used for advanced marketers. Now that you’ve learned the basics about the Sales Cloud and Analytics 360 
integration, let’s dive deeper into use cases and examples of how our platforms can work together to empower your sales and marketing teams to work better 
together. Visualize the Full Sales Funnel from Online to Offline Use Online Events from Analytics 360 and Offline Events Imported from Sales Cloud One of the 
simplest but most effective ways to get value from this integration is to explore your offline Sales Cloud data directly in Analytics 360. First, ensure that you are 
tracking the relevant steps of the online funnel with events. For example, if you want to look at the funnel of users who visited your product page then submitted a 
lead and finally converted, you should set up an event in Analytics 360 for when a user visits your product page. From there, create a custom report that looks at 
each of those events, the online events measured by Analytics 360 (e.g., the product page visit and the lead form submission) and the offline events imported 
from Sales Cloud (e.g., lead and opportunity milestones). Then analyze your full online to offline funnel to understand the performance of your different marketing 
channels. Use Custom Funnels and Build Targeted Audiences Using the Custom Funnels feature in Analytics 360, you can visualize the steps your users are 
taking to complete a purchase on your website and take action where there is drop off. Now with your Sales Cloud data integrated into Analytics 360, you can use 
Custom Funnels to see how successful your business is at turning online leads measured in Analytics 360 into offline sales measured in Sales Cloud. Imagine 
you are a solar panel company, and your website has a lead form potential customers can use to get in touch with a member of your sales team. Now, you can 
use Custom Funnels to visualize what percentage of leads submitted online were converted to in-person consult, and then which of those went on to purchase 
the solar panels. These visual reports help you identify drop-off points so that you can fine-tune the customer experience and improve marketing performance. 
The Solar Panel Sales Performance dashboard in Google Analytics 360 showing 101 qualified sales opportunities and a call to action based on the data. To take 
immediate action from Custom Funnels, you can simply click Create new segment to build an audience of people who have dropped off from a particular stage. 
Once you have that audience segment built, you can use it for media targeting, site personalization, or qualitative research. For example, you could build a 
segment of customers who have filled out the online lead form but have not scheduled a call with a sales agent. You could use digital ads or custom site 
messaging to encourage this group to follow up. You learn more about this in the sections below. Then, with advanced attribution tools in Analytics 360, such as 
Data-driven Attribution, you can create more accurate cross-channel attribution models so you can better understand what channels drive offline sales. For 
example, after you apply a data-driven statistical model, you may uncover that paid search and email drives more offline solar panel installations than social. You 
can use this information to adjust your investment for paid search and email—improving your return on ad spend (ROAS) in the process. Optimize Your 
Marketing Investment to Offline Goals Going one step further, you can also create Goals in Analytics 360 based on your Sales Cloud events and optimize your 
digital marketing campaigns for sales that occur offline, instead of just optimizing for form submissions on your site. How? Simply share these goals (triggered 
by offline events imported from Sales Cloud) to Google Ads and Search Ads 360, then adapt your search bidding strategy to account for these goals. Note For the 
solar company optimizing media for installations scheduled over the phone, this could mean paying more for keywords that drive those successful phone calls, 
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and paying less for keywords which drive unqualified leads that do not convert to consultations or to eventual sales. Intelligently Build Audiences with Sales 
Cloud Data In addition to more insightful reporting and smarter media optimization from offline data, the connection between Analytics 360 and Sales Cloud 
gives you even more audience attributes to work with, helping you improve the specificity of your audiences. For example, if you’re an insurance company that 
generates leads online but sells policies in person via an agent, you could build an audience in Analytics 360 of all customers who have purchased an auto 
insurance policy offline. You could use that audience to either deliver relevant display ads (like new insurance products shown to those who browsed that page 
online) using Display & Video 360, or customize your website (like a customer service showcase) using Optimize 360. Note Optimize 360, part of Google 
Marketing Platform, allows you to create different variations of your website and deliver a personalized experience that works for each customer. Powered by the 
native integration with Analytics 360, you can use Optimize 360 to conduct site testing and personalization on the insights you’ve gained from the Analytics 360 
and Sales Cloud integration. Einstein lead score card indicating a positive score of 96. You can even use Einstein Lead Scoring to build these audiences in the 
above use cases. For example, the solar company could build an Analytics 360 audience of users who filled out a lead form online and then were assigned an 
Einstein Lead Score of 80 or higher. Then, they can share that audience with Optimize 360 to ensure those qualified users have a unique site experience or to 
Display & Video 360 to deliver more relevant ads to keep them engaged. Learn How You Can Delight Your Customers Even More Once you have built valuable 
audiences using Sales Cloud and Analytics 360, there are even more opportunities to learn about them and help you discover new, similar customers. Similar 
Audiences. Similar Audiences is a powerful—but simple—way to reach a much larger audience and drive sales by algorithmically expanding the reach of your 
existing audiences. For example, you can import into Analytics 360 an audience of highly qualified leads from Sales Cloud, then send that list to Display & Video 
360 to build a similar audience that looks like your prospects. You can show tailored ads to this list to try to grow new business. Surveys. Google Surveys 360 
gives you the ability to ask questions directly to your audiences, allowing you to learn more qualitative information from your users after you’ve engaged with 
them. For instance, you could ask your customers how they feel about your brand or your category, helping you to learn valuable and first-hand insights. Google 
Cloud for deeper analysis. The integration between Sales Cloud and Analytics 360 also allows users to take advantage of Google Cloud. All your Analytics 360 
data, including your imported Sales Cloud data, can be sent directly to Google Cloud’s BigQuery—a fast, highly scalable, cost-effective, and fully managed cloud 
data warehouse for analytics, with built-in machine learning. Learn more. As you can see, by using the full capabilities of Salesforce Sales Cloud, Analytics 360 
and Google Marketing Platform, you can deliver exceptional experiences for your customers and grow your business. Resources Optimize 360 Sales Cloud 
Einstein Google BigQuery Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/google-analytics-360-sales- 
cloud/a7e47f4428e6da9f69b69e51f3da1466_badge.png Google Analytics 360 Integration for Sales Cloud 100% Progress: 100% View more modules Skip to main 
content Data Analytics Fundamentals Explore Data Analytics Types Time Estimate About 10 mins Topics Learning Objectives Get to the Insight Did You Watch 
the Video? Resources Challenge +100 points Get help with this badge Provide feedback for this badge Explore Data Analytics Types Learning Objectives After 
completing this unit, you’ll be able to: Explain how data analytics improves decision making. Define the different analytics types. Explain descriptive analytics. 
Note This module was produced in collaboration with Amazon Web Services (AWS), which owns, supports, and maintains the Amazon Web Services products, 
services, and features described here. Use of Amazon Web Services products, services, and features is governed by privacy policies and service agreements 
maintained by AWS. Get to the Insight Gathering data points is just a first step. What do you do with all that data? You need to put the information together to help 
people make decisions. This is the core goal of data analytics. And this module introduces you to the different types of data analytics, especially descriptive 
analytics, and how they’re used in common business cases. Watch the following video from Rafael "Raf" Lopes, Senior Cloud Technologist at AWS. The quiz at 
the end of this unit asks questions about the content of this video. Be sure to watch so you get the information you need to answer the questions at the end of this 
unit. Note, Raf mentions the term course and lesson several times. In this context, these mean module. View Transcript Did You Watch the Video? Remember, the 
quiz asks about the video in this unit. If you haven't watched it yet, go back and do that now. Then you'll be ready to take the quiz. Quiz Complete! +100 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/data-analytics-fundamentals/4f597 6bff8a0a632f73fd65542fa3b6f_badge.png Data 
Analytics Fundamentals 100% Progress: 100% View more modules Skip to main content Data Analytics Fundamentals Understand Common Data Analysis Use 
Cases Time Estimate About 15 mins Topics Learning Objectives Use Data Analytics for a Complex World Did You Watch the Video? Resources Challenge +50 
points Get help with this badge Provide feedback for this badge Understand Common Data Analysis Use Cases Learning Objectives After completing this unit, 
you'll be able to: Explain why data analytics is relevant in modern business. Explain how data analytics tools are used in common scenarios. Use Data Analytics 
for a Complex World What do gaming, commerce, and social media have in common? These verticals each produce a lot of data that organizations use to 
improve their services, as well as detect and troubleshoot issues. In the following video, Raf explores the common verticals and use cases where data analysis is 
present in everyday life. Are we talking about 100 lines of data? 1,000? In some cases, it can be hundreds of thousands—or even millions! How do you work with 
it all? The quiz at the end of this unit asks questions about the content of this video. Be sure to watch so you get the information you need to answer the 
questions at the end of this unit. View Transcript Did You Watch the Video? Remember, the quiz asks about the video in this unit. If you haven't watched it yet, go 
back and do that now. Then you'll be ready to take the quiz. Quiz Complete! +50 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/data-analytics-fundamentals/4f597 6bff8a0a632f73fd65542fa3b6f_badge.png Data 
Analytics Fundamentals 100% Progress: 100% View more modules Skip to main content Data Analytics Fundamentals Take Data Analytics to the Cloud Time 
Estimate About 10 mins Topics Learning Objectives Build Your Data Analytics Solution in the Cloud Did You Watch the Video? Resources Challenge +100 points 
Get help with this badge Provide feedback for this badge Take Data Analytics to the Cloud Learning Objectives After completing this unit, you’ll be able to: 
Explain the challenges of on-premises data collection and analytics tools. List the advantages of cloud-based data analytics. Build Your Data Analytics Solution in 
the Cloud As business has gotten more complex over time, tools and services have gotten more powerful to enable organizations to keep up. A prime example is 
the evolution of data analytics from expensive, on-premises hardware to cloud-based architectures. Raf highlights the differences between these two approaches 
in the following video. View Transcript Did You Watch the Video? Remember, the quiz asks about the video in this unit. If you haven’t watched it yet, go back and 
do that now. Then you'll be ready to take the quiz. Quiz Complete! +100 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/data- 
analytics-fundamentals/4f5976bff8a0a632f73fd65542fa3b6f_badge.png Data Analytics Fundamentals 100% Progress: 100% View more modules Skip to main 
content Career Development Planning Assess Yourself Time Estimate About 5 mins Topics Learning Objectives A Quick Introduction to Career Development 
Developing a career plan involves three main steps or phases. Get to Know Yourself What Motivates You Next Steps Resources Challenge +25 points Get help 
with this badge Provide feedback for this badge Assess Yourself Learning Objectives After completing this unit, you'll be able to: List the steps for creating a 
career plan. Identify your unique strengths, skills, and talents and what’s important to you. Describe the different elements of self-assessment. A Quick 
Introduction to Career Development Whether you’re just starting out in your career or already have a few years of experience under your belt, it can be helpful to 
step back and think about your career plan. Career planning is not a one-time event; it’s an ongoing process to revisit throughout your career as your priorities 
and interests shift and change. Career development is like a jungle gym. Picture career development as a jungle gym to explore, not a ladder to climb. There are 
various directions you can explore: up, down, and sideways. When you’re clear about your career goals, you can choose the options that are the best fit. Then it’s 
time to get ready for new experiences or new roles. The career development process can be helpful to revisit when you’re thinking about switching careers or 
applying your existing experience to work in a new field. Or maybe you’re returning to work after a period out of the workforce. Developing a career plan involves 
three main steps or phases. Discover. Plan. Act. You can use these three simple steps to plan your career. Discover. Get to know yourself, including your 
motivations, experiences you want, skills to build, and career goals to achieve. Research and explore opportunities and career paths that interest you and that 
may not have considered before. Plan. Identify a goal and any skills you need to build or to reach that goal. Lay out a plan of how you will achieve that goal. 
Act.Take action on your plan. Identify how to get connected to employers and mentors that can help you. Prepare your resume and social media presence to land 
that dream job. Get to Know Yourself The first step in managing your career is to get a clear picture of who you are and what you want. This includes: Knowing 
what motivates you and what matters in your life Identifying your strengths and opportunities to improve Finding out what you’re most interested in What we 
want can change over time—our priorities change, we can discover new interests or skills that we want to develop and learn. This is an opportunity to check in 
and see where you are today. | know myself and what | want. There are many free self-assessment tools out there to help you identify your own values, skills, and 
interests. We’ve provided links to a few of them in the resources section. You may want to start by exploring some of these tools. We’ve also provided a Career 
Exploration Resources pack with worksheets to guide you through each step of the career development process. We recommend downloading it and finding a 
quiet place where you can work through it. What Motivates You Think about that day you left work or school thinking “Wow, that was a great day!” Do you 
remember what was happening? Whatever it was, you were probably doing something that you found motivating and energizing. Get to know what motivates 
you. What you find motivating is unique to you and it’s the starting point in getting to know yourself. Examples of motivators include: Creativity and innovation 
Problem-solving Being an expert Curious about what motivates you? Complete the Values and Skills Assessment worksheet in the Career Exploration 
Resources pack you downloaded to identify your top 5. Next Steps Once you’ve completed your self-assessment, review your results and identify any themes 
that emerge. It can be helpful to talk over your results with a friend or family member. Next we explore career options and see how they align with the themes 
you’ve identified. Resources Salesforce: Career Exploration Resources pack External Site: Humanmetrics Personality Type Test External Site: O-Net Interest 
Profiler External Site: Career Zone California Skills Profiler External Site: Career Perfect Values Inventory External Site: Barrett Personal Values Assessment 
Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/career-development- 
planning/4ada68ee56380e138e563fb6a4a4816a_badge.png Career Development Planning 100% Progress: 100% View more modules Skip to main content Career 
Development Planning Explore Career Options Time Estimate About 10 mins Topics Learning Objectives Researching Career Pathways Labor Market Trends A 
Day in the Life Conducting Your Research Salesforce Developer Overview Salesforce Administrator Overview Business Analyst Overview Technical Architect 
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Overview Salesforce Marketing Manager Overview Sales Manager Overview Next Steps Resources Challenge +25 points Get help with this badge Provide 
feedback for this badge Explore Career Options Learning Objectives After completing this unit, you’ll be able to: Describe the different job roles within the 
Salesforce ecosystem. Research potential career options that align to your interests. Identify skills and requirements for your target career goal. Researching 
Career Pathways Now that you’ve looked inward to assess your current skills, interests, and values, it’s time to expand your view outward and explore different 
pathways that interest you. Perhaps you already have some ideas about roles that interest you. Perhaps you’ve thought about consulting, but aren’t sure what a 
day in the life is like for that role. Or perhaps there’s a specific industry that interests you, like healthcare or finance, but you’re not sure what the different roles 
are within that industry. Whatever your starting point, this is an opportunity to cast a wide net to see what options interest you. Here are a few ways to research 
different career pathways. Search job descriptions with keywords related to your interest. Talk to others who are already in roles you’re interested in. Attend 
industry events and meetups. Take people in your network out for coffee or lunch to learn more about other functions, teams, and roles. Shadow someone doing 
what you'd like to do in the future. Look for opportunities to be part of a special project to learn new skills. Labor Market Trends One thing to consider as you 
research career options is the labor market demand for specific skills and roles. What are the jobs and industries experiencing the highest growth, and where are 
there more opportunities? Salesforce roles span multiple functional areas, including sales, IT, marketing, business management, and operations. As businesses 
embrace the future of mobile, big data, loT, and Al, Salesforce skills are becoming some of the hottest skills to have on your resume, and that demand is growing. 
Knowing where the demand for a specific skill set, such as Salesforce skills, is strong can give you a starting point for researching different career options that 
draw upon those skills. Here are some places to look for labor market information. Occupational Outlook Handbook Glassdoor’s 50 Best Jobs List A Day in the 
Life Another factor to consider during your research is the day-to-day activities of different roles. Does the role require more time working with others or working 
alone? Is the workday structured with lots of meetings or more self-directed? What types of problems does the role solve? Once you’ve identified specific roles 
that interest you, search online to find more information about a typical day for that role. Use LinkedIn or X to find people in your network with that role and ask to 
interview them. For Salesforce career pathways, you can read stories from Trailblazers who have built their careers on Salesforce. Or explore a typical day in the 
life of different career paths on the Salesforce Career Paths site. Conducting Your Research We’ve provided some information on different career pathways 
within the Salesforce ecosystem as a starting point for researching career options that interest you. Read through the career profiles, the skills required, what a 
day in the life of each of these jobs is like, and some of the additional resources provided. You can also expand your exploration outside this list and do your own 
research on job roles that interest you. Once you’ve identified one or two roles that look interesting, complete the career exploration worksheet in the Career 
Exploration Resources packet you downloaded to do a deeper dive on those career options. Salesforce Developer Overview You believe that any repetitive task 
is best automated with code. You dig into juicy problems and work through the night until you have an elegant solution. Coding Apex and custom applications for 
Salesforce or building with Lightning Web Components are some of the tasks you enjoy tackling. Salesforce Developers build applications with no-code and 
code, without compromise. As Salesforce technology App Management integration and code experts, they deliver innovative customer experiences and success 
for their users, teams, and organizations. Average experience required: 2 to 5 years Specialized Skills General Business Skills Salesforce App management UX 
design Process automation Agile methodology Software development Apex Visualforce Lightning Java/C#/OOP JavaScript JQuery/Angular JS/Bootstrap 
SQL/SOQL Web services Lightning Web Components Communication Writing Problem solving Organization Project management Customer service Teamwork 
Here are some more Salesforce developer resources: A Day in the Life of a Salesforce Developer Salesforce Developer Skills Lead to Dream Job Salesforce 
Administrator Overview You love to help your team be efficient and on top of things. You’re the one that your team depends on to have all their ducks in a row 
and you help them monitor their successes and customer relationships. You provide value to the business by automating complex business processes, creating 
reports and dashboards, and training users on using Salesforce. Salesforce admins solve business problems by customizing the Salesforce Platform. They 
build, configure, and automate technology solutions to deliver business value. Core tasks include supporting users, managing data, managing security, and 
driving actionable analytics. Average experience required: 2 to 5 years Specialized Skills General Business Skills Salesforce Process automation Business 
process Data management and analysis Security management Design mindset System administration Business analysis System and network configuration Data 
validation Communication Organization Problem solving Writing Project management Attention to detail Troubleshooting Here are some more Salesforce 
administrator resources: A Day in the Life of a Salesforce Administrator QUIZ: What Type of Salesforce Admin Are You? The Best Thing | Built on Salesforce: My 
Career What Is a Salesforce Administrator? Business Analyst Overview You love data and providing key business insights based on analyzing multiple data 
sources. You take initiative to identify what the business should be tracking and evaluating. You’re able to think through problems and make actionable 
recommendations. Business analysts focus on business improvements and project successes. They identify needs and value for the customer environment 
while communicating between IT and business stakeholders to ensure everyone involved works together to achieve the best results. Average experience 
required: 2 to 5 years Specialized Skills General Business Skills Salesforce Agile methodology Quality assurance Process optimization Design mindset Business 
analysis Data analysis Data management Financial modeling Scripting languages: SQL, Python Communication Organization Writing Project management 
Problem solving Attention to detail Here are some more business analyst resources: A Day in the Life of a Business Analyst Technical Architect Overview You 
are both a big picture thinker and an in-depth problem solver; your knowledge and skills are broad and deep. You take pride in designing systems that stand up 
to high volumes and won’t fail at critical points. The solutions you design are built for the long-term and can take a company from one customer to one million 
customers seamlessly. You have proven experience integrating systems via APIs and a strong development background. Salesforce architects design, build, and 
deliver the solutions that businesses need to thrive in a demanding economy. They don't need an engineering background, but have deep technical knowledge 
and are the lead technical resource for delivery teams and project stakeholders. Average experience required: 6 to 8 years Specialized Skills General Business 
Skills Salesforce App management Cloud computing Design mindset Quality assurance Marketing software Object-oriented development Knowledge of web 
applications, databases, SQL, and Java System architecture API integration Application design Business process Data management Extraction, transformation, 
and loading (ETL) Software engineering Communication Customer service Project management Problem solving Organization Writing Planning Leadership 
Creativity Here are some more technical architect resources: Going from Developer to Architect My Journey to Salesforce Certified Technical Architect 
Salesforce Marketing Manager Overview You are a modern marketer. You understand the art and science behind creating targeted marketing campaigns that 
connect with your customers. You bring big ideas to the table that drive impressive results. You rely on customer data and marketing automation tools to 
seamlessly engage with audiences across all channels. Marketers are pros at building brand awareness, analyzing market trends, knowing buyers, generating 
leads, and making the most of innovations to stay ahead of the competition. They can specialize in anything from content to products to data analytics. Average 
experience required: 5 to 8 years Specialized Skills General Business Skills Marketing strategy Client relationships Sales practices Business management Social 
media Salesforce Product marketing Digital marketing Market strategy Email marketing Organization Communication Project management Writing Planning 
Creativity Attention to detail Here are some more marketing manager resources: A Day in the Life of a Salesforce Marketing Manager Sales Manager Overview 
You are an excellent communicator and relationship builder, and you enjoy helping your customers succeed. You’re good at juggling multiple priorities and 
managing your time to work on multiple deals simultaneously. You enjoy the thrill of winning an important account and have the persistence and attention to 
detail to overcome obstacles in reaching your goals. Sales professionals generate revenue by delivering high-value product and service solutions that address 
customer problems. They use research, product knowledge, customer engagement skills, and team selling to drive success for both their team and buyers. 
Average experience required: 2 to 5 years Specialized Skills General Business Skills Salesforce CRM Sales Prospecting Closing Lead generation Inside sales 
Account management Presentation skills Project management Data analysis Client relationships Communication skills Writing Customer service Organization 
Presentation skills Relationship building Time management Problem solving Here are some more sales manager resources: Sales Complexity: Why Sales Jobs 
Are More Complex Than Ever The DNA of Top Salespeople Next Steps After researching different career options that interest you, start to narrow down your list 
to the one or two target roles that seem most aligned to your skills, interests, and values. In the next unit, you'll work on creating a specific action plan for your 
target role. Resources Salesforce: Career Exploration Resources pack External site: Indeed.com’s Top Jobs of 2022 External site: The Salesforce economy is 
booming—Get the skills that thrill with Trailhead! Trailhead: Salesforce Commerce Cloud Architect Roles: Quick Look Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/career-development-planning/4ada68ee56380e138e563fb6a4a4816a_badge.png Career 
Development Planning 100% Progress: 100% View more modules Skip to main content Career Development Planning Land Your Next Opportunity Time Estimate 
About 10 mins Topics Learning Objectives Now You're Ready! Update Your Resume Create Your Elevator Pitch Polish Your Personal Brand Research 
Prospective Companies Search for Salesforce Opportunities Connect with a Recruiter Apply for a Job Resources Challenge +25 points Get help with this badge 
Provide feedback for this badge Land Your Next Opportunity Learning Objectives After completing this unit, you’ll be able to: Prepare for interviewing by creating 
your elevator pitch. Create your Salesforce resume and profile. Connect with employers. Now You're Ready! Now that you know where you’re headed and you’ve 
created your plan to get there, it’s time to go out and land that next role. We’ve created a job seeker checklist, included in the Resources pack you downloaded, to 
help you make sure your personal presence is amazing both in person and online. You’re ready! Update Your Resume If you haven’t updated your resume ina 
while, it’s time to dust it off and add in your most recent work experience, and any new skills and certifications you’ve earned. If you’re making a major career 
change or changing industries, consider hiring a professional to help you position your previous experience that is relevant for the new role. Make sure you 
proofread your resume carefully. Have a friend or family member read it over if you can. You don’t want to miss out on an opportunity because you missed a 
typo. Here are a few additional tips for creating a rock star resume. DO THIS NOT THIS Use action verbs Trained 500 users on new sales processes. Responsible 
for end-user training. Highlight accomplishments Designed an automated lead qualification process using Salesforce that resulted in XYZ. Automated processes 
using Salesforce. Be accurate Include dates for each position you’ve held. Don’t leave off information. Don’t lie or provide incorrect information. Create Your 
Elevator Pitch An elevator pitch is the 30-second story of who you are and where you want to go, and it usually ends with a specific ask or request. It’s your 
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personal “commercial.” Hone and practice it until you can deliver it smoothly. Your elevator pitch is the perfect response to questions like, “Tell me about 
yourself” or “What do you do?” It can prepare you for that chance encounter with the company CEO in the elevator (or in the line at the coffee shop, or 
anywhere!). You can have slightly different versions of your pitch, depending on who you’re talking to, but the basic structure is the same. Elements to include 
Examples Who are you? What is your goal? I’m an experienced Salesforce administrator looking to move into a consulting role... I’m a recent MBA graduate 
looking for a role at a nonprofit... Why are you pursuing this goal? What is your motivation? | love helping teams optimize their use of Salesforce and tackling 
new challenges. I’ve been an avid hiker and camper since | was a kid, and | want to work for an organization that’s environmentally focused. What are the skills 
and strengths you bring? What is your key differentiator? | have 5 years’ experience as a Salesforce administrator, and | am a self-taught developer. I’ve earned 
85 Trailhead badges and multiple certifications. I’ve successfully implemented Salesforce for a nonprofit, and I’m an expert with the Nonprofit Success Pack. 
What is your ask? What are the next steps? Can | get your business card to follow up and ask you a few questions? Do you have any recommendations of people 
I can speak with? Are you available to grab coffee in the next couple weeks? Polish Your Personal Brand Your social media presence is the new resume. 
Employers and recruiters look to social media to learn more about candidates, so it’s important to make sure your profiles are top notch and that your personal 
brand is epic, amazing, and every bit as professionally compelling as you are in real life. Consider getting a professional headshot taken to use for all your social 
media profiles. Or use the best recent photo you have. DO THIS... NOT THAT... Your profile picture: Looks like you Is clear and in focus Is high-resolution (1400 x 
425 pixels) Your profile picture does not: Include other people Look like you from 10 years ago Look out of focus or blurry Salesforce Profiles Complete your 
profile on Trailhead. Make sure you have a professional photo and use your newly perfected elevator pitch for your bio. X The Salesforce community is on X, so 
that’s a great place to look for news and information as well as establish yourself as a thought leader. DO THIS NOT THAT X handle Choose an X handle that 
represents you professionally. One option is to use some version of your name, like @SusanSmith. Or use a handle that identifies your area of expertise, like 
@SusanCRMpro. Don’t use a handle that can be considered offensive. Profile Use a professional photo. Use your 160-character bio to describe to employers 
your key skills and accomplishments. Include a link to your LinkedIn profile or other site where employers can get more information. Don’t write your personal 
memoir. Don’t leave it blank or empty, and don’t sell yourself short. Content Tweet primarily about things that relate to your role or industry (consider setting up 
two accounts if you do a lot of personal tweeting). Follow people and companies that you’re interested in. LinkedIn Show off the skills you’ve acquired on 
Trailhead by listing your badges and superbadges as well as any certifications. DO THIS NOT THAT Job title and headline Use your current actual job title. If you 
are looking for work use a job title that conveys the type of role that you want to land.. Your job title shouldn’t lie. Tell it like it is. It’s a small world out there—it’s 
surprising how many connections you share with others. So keep it honest. Summary section Include a short description of yourself and what you do currently. 
Make sure your contact information is up to date. Market yourself as a leader—if you speak at events or have been recognized in your industry, make sure it’s on 
your profile. Don’t write your personal memoir. Don’t leave it blank or empty, and don’t sell yourself short. Don’t include anything that seems outlandish or too 
personal. Rich media Share content 2 to 3 times a week to keep your name fresh and to establish your professional brand. Add key work examples to your profile 
where appropriate. Don’t add things that aren’t relevant to your career and might confuse the viewer. Don’t overwhelm people by sharing content multiple times 
per day. Research Prospective Companies Another important step in creating your career plan is identifying what type of company you want to work for so you 
can narrow your search. There are many types of companies within the Salesforce ecosystem where Salesforce skills are in demand. Here are a few examples. 
Salesforce customers: Salesforce customers span industries and include both large enterprise companies and small and medium-sized businesses. Check out 
our customer success stories for examples. Implementation partners: Our partners, also called system integrators, have deep technology and industry expertise 
and help get Salesforce up and running. They include international firms, and local and industry-specific partners who can give you a tailor-made 
implementation. AppExchange partners: These are companies that have built applications on the Force.com platform and sell them on AppExchange. Nonprofits: 
There are over 20,000 Salesforce nonprofit customers. See Salesforce.org success stories for examples. Here are some questions to ask yourself in narrowing 
your search. Do you prefer working for a small company or a large enterprise? Do you prefer a startup or a more established organization? What type of 
company culture do you prefer? Do you want to work for a nonprofit or mission-driven organization or a commercial enterprise? What industry are you most 
interested in? Search for Salesforce Opportunities Ready to start your search? In addition to the general job sites such as dice.com, monster.com, and others, 
there are many specific job boards for Salesforce roles. Here are a few of the job boards. AppExchange Jobs Marketplace: Search for jobs by location or title, or 
post your profile for employers to find. Jobs at Salesforce: Work at the company voted “most innovative company in the world” for the past 5 years by Forbes 
magazine. Trailblazer Community: There are various groups dedicated to job search and job postings such as the Jobs Postings group. Connect with a Recruiter 
Connect with recruiters that specialize in finding candidates for Salesforce roles. Here are just a few of the recruiters that specialize in recruiting talent with 
Salesforce skills. Mason Frank International Hire On-Demand Tech2 Resources Apply for a Job Once you’ve identified an opportunity that you want to apply for, 
search on Linkedin. See if there’s anyone in your network who works at that company and can provide more information or a recommendation or introduction. 
Review the company’s website and social media to learn more about the company’s business, culture, and products or services. Create a cover letter tailored to 
that job posting. Make sure you address how you fulfill the specific skills and competencies the employer is looking for, using the language they’ve used. Update 
your resume as needed to better target your experience to the posting. Feel free to use the job seeker checklist included in the Career Exploration Resource pack 
you downloaded. Resources Salesforce: Career Exploration Resources pack External Site: World’s Most Admired Companies External Site: The World’s Most 
Innovative Companies Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/career-development- 
planning/4ada68ee56380e138e563fb6a4a4816a_badge.png Career Development Planning 100% Progress: 100% View more modules Skip to main content 
Workforce Navigators: Career Pathways for Trailblazers with Disabilities Get to Know Workforce Navigators Time Estimate About 5 mins Topics Learning 
Objectives What Are Workforce Development Programs? Committed to Equality and Inclusion Inclusive by Design: Purpose-Filled Solutions Workforce 
Navigators Benefits Workforce Navigators in Action Resources Challenge +25 points Get help with this badge Provide feedback for this badge Get to Know 
Workforce Navigators Learning Objectives After completing this unit, you’ll be able to: Explain the purpose of a workforce development program. Describe the 
Workforce Navigators program. Identify the benefits of the Workforce Navigators program. What Are Workforce Development Programs? In simple terms, 
workforce development programs are a set of solutions that support job seekers in advancing their skill sets to meet current and future employment needs. 
Recent Mckinsey studies indicate that taking a skills-based approach to building the future workforce is key. Employers and employees alike benefit from 
programs where job seekers gain new skills for better opportunities and increase the talent pipeline to meet future demands. Programs vary. They can include 
anything from specialized training to address a specific need for a company, to content with basic interview tips to help individuals succeed with their job search. 
Today, organizations across private industries, non-government, local agencies, and more offer workforce development programs. At Salesforce, we provide 
workforce development through a set of diverse programs dedicated to training and hiring for the jobs of tomorrow. These efforts stress equality for all. Our 
Workforce Navigators program aims to ensure that professionals with disabilities have the same opportunities as their peers to advance their career through 
training, mentorship, and certification opportunities within the Salesforce ecosystem. Salesforce is in a unique position. We can foster our program of inclusion 
across partner organizations and customers and expand the reach and networks for job seekers with disabilities. Committed to Equality and Inclusion At 
Salesforce, equality is one of our core company values. And we believe that everyone should have an equal opportunity to learn and grow. Everyone has a 
different path to career success, and we’re committed to empowering people with disabilities to find their success in the Salesforce ecosystem and to providing 
support on their journey. The Workforce Navigators program is an external-facing workforce development program within the Office of Accessibility at 
Salesforce. Established in 2020 and designed for job seekers with disabilities, Workforce Navigators supports individuals who want to learn more about 
Salesforce through learning opportunities, mentorship, and certification access. Since its inception, Workforce Navigators has helped many job seekers with 
disabilities along their journey. Through the program, we’ve partnered with multiple companies to help them develop a more inclusive and accessible career path 
for candidates with disabilities seeking employment. Whether you’re a job candidate with a disability or an HR practitioner working in the DEI (diversity, equity, 
inclusion) space, inside or outside the Salesforce ecosystem, we want to help. We partner with companies to help them upskill their employees and offer the 
public free digital training, publishing resources, and more. Commitment to Workforce Development “We can and should do more. My dream would be a call to 
action for business leaders, to show that business can be a great platform for change. Business and government together can create world-class educational and 
apprenticeship programs to invest in the future of our workforce.” —Marc Benioff, CEO, Salesforce Inclusive by Design: Purpose-Filled Solutions You just 
learned that workforce development programs aim to help people develop new skills, and as a result create a well-trained workforce that can meet the growing 
demands of jobs in the future. Workforce Navigators takes this a step further by supporting Trailblazers with disabilities throughout their entire journey, ensuring 
accessible experiences every step of the way. We believe that a robust and actionable workforce development program that supports professionals with 
disabilities includes the following elements. A referral stream for professionals with disabilities seeking career advancement opportunities. Accessible training 
and learning materials universally designed for inclusion. Opportunities for paid work experience to build an individual’s resume. By supporting professionals 
with disabilities through talent development, everyone can perform at their peak. We offer a network and structure to support growth through an entire career. 
Workforce Navigators Benefits Workforce Navigators offers myriad benefits—from accessible learning content to certification and scholarship support. As a job 
seeker, you can take advantage of learning content presented in the way that best works for you. And if financial support is a concern, you can apply for a 
scholarship to assist with your learning journey. For DEI practitioners or hiring managers, you have the opportunity to review programs that can be reapplied 
within your organization. And importantly, you can tap into a wealth of diverse talent to meet growing job demands. Workforce Navigators in Action Molly just 
started a new job at a finance firm that operates on the Salesforce platform. She uses screen magnification in combination with a screen reader to enlarge 
content on the screen and also have it spoken aloud. She sometimes has trouble using the mouse; she is much faster using the keyboard to get work done. This 
is her first time using Salesforce, and she is searching for a community where she can pick up tips and tricks while she works her way through Trailhead. Molly 
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has the opportunity to join Workforce Navigators for training, mentorship, and scholarships. She can also tap into the Workforce Navigators written accessibility 
resources like screen reader instructions and keyboard-only use. In the next unit, we take a closer look at the three key components of Workforce Navigators. 
Resources External Site: Global Social Development Innovations External Site: McKinsey & Company: Taking a Skills-Based Approach to Building the Future 
Workforce Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/workforce-navigators-career-pathways-for- 
trailblazers-with-disabilities/15026ffbf3eb249ef0fe85c9ebaf3cdd_badge.png Workforce Navigators: Career Pathways for Trailblazers with Disabilities 100% 
Progress: 100% View more modules Skip to main content Workforce Navigators: Career Pathways for Trailblazers with Disabilities Join the Workforce 
Navigators Program Time Estimate About 5 mins Topics Learning Objectives A Three-Tiered Approach to Support Mentorship in Action Corporate and Non-Profit 
Partners Resources Challenge +25 points Get help with this badge Provide feedback for this badge Join the Workforce Navigators Program Learning Objectives 
After completing this unit, you’ll be able to: Describe three ways to participate in the Workforce Navigators program. Access the Workforce Navigators website 
and resources. Discover how you can partner with Workforce Navigators. A Three-Tiered Approach to Support As you learned in the previous unit, Workforce 
Navigators is a workforce development program designed to support professionals with disabilities through mentorship, training, and scholarships. We take a 
multipronged approach to supporting job seekers with disabilities and training. There are many benefits of Workforce Navigators. Let’s explore! Training When 
you join Workforce Navigators, Salesforce learning opportunities expand and open up to you, beginning with our rigorous and disciplined training. As part of 
Workforce Navigators, we offer both intensive, virtual bootcamps and self-paced, online curriculums. Trailhead Virtual Bootcamp is a multi-week program that 
provides fundamental knowledge and expert-led guidance for building Salesforce skills quickly. Job seekers can join prescriptive bootcamps and learn directly 
from Salesforce experts through live sessions. Professionals looking to advance their career can find new opportunities and develop skills and prove their 
expertise by completing Trailhead badges or earning Salesforce certifications through the Bootcamp. To meet individual needs and schedules, job seekers can 
also get the same hands-on learning at their own pace. This flexible, self-paced option offers access to the Salesforce organization to practice new skills, test 
knowledge, and review learning resources. Scholarship Programs To help provide access to training for individuals who may need financial assistance, each 
year we award Trailhead Virtual Bootcamp scholarships to skilled professionals with disabilities who meet certain requirements. To apply, fill out the scholarship 
application. Currently, the scholarship is only available in the US and Canada. Mentorship Program Everyone deserves the chance to have a mentor. That’s why 
Salesforce’s Office of Accessibility created a dedicated mentorship program for people with disabilities. Community is a key element for success, and our 
mentoring program can help you begin building yours. The Workforce Navigators Mentoring Program offers career support to people with disabilities who are 
exploring roles within the ecosystem, working toward Salesforce certification, or already certified. With Workforce Navigators, you learn from the best. After you 
sign up for the mentorship program, we assign you a Salesforce employee mentor, who can help guide you through training and information about careers at 
Salesforce. Consider these mentorship benefits. Meet with a trusted and skilled mentor at least 2 hours per month. Share short-term and long-term career goals 
for insight and guidance. Get actionable advice and suggestions to improve your resume. Participate in mock interviews. Currently only available in the US and 
Canada, check out the mentorship program page to learn about the requirements (there are just a few) and how to enroll as a mentee. Mentorship in Action 
Janice has self-identified with a disability and is currently living in the US. She has taken advantage of the Workforce Navigators Program and has taken virtual 
bootcamp sessions and recently received her admin certification. She is now interested in taking the next step: enrolling in the mentorship program and 
continuing to build more community with Salesforce and its ecosystem. Janice meets the eligibility requirements to become a part of the mentorship program 
because she resides within the US or Canada, has a disability, and has completed her admin certification. Even if she were still working on certification, as long 
as she had completed her classes, she could take advantage of the program. Exam Accommodations We want trailblazers with disabilities to have the resources 
they need to be successful in their roles. To move into a new career, inclusion and resources are critical to ensuring your future success. That’s why we provide 
exam accommodations for the Salesforce Admin certification exam. Learn how to request accommodations on Trailhead Help. Be sure to work with your doctor 
ahead of time to identify what accommodations you will need before submitting your request. Corporate and Non-Profit Partners Workforce Navigators relies on 
the partnership and cooperation of an inclusive ecosystem. The benefits of our program extend well beyond professionals with disabilities working in the 
Salesforce ecosystem. We partner with workforce development organizations to train, certify, and place people with disabilities. The highly skilled and trained 
professionals within our program provide an incredible talent pool and pipeline for companies looking to fill roles in the Salesforce ecosystem. Resources 
External Site: American Psychological Association: The Lifelong Benefits of Mentoring Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/workforce-navigators-career-pathways-for-trailblazers-with- 
disabilities/15026ffbf3eb249ef0fe85c9ebaf3cdd_badge.png Workforce Navigators: Career Pathways for Trailblazers with Disabilities 100% Progress: 100% View 
more modules Skip to main content Workforce Navigators: Career Pathways for Trailblazers with Disabilities Build Community Through Learning and 
Networking Time Estimate About 10 mins Topics Learning Objectives Join Our Community Partnership in Action Remove Barriers: Pave the Way for a More 
Inclusive Hiring Experience Accessibility Barrier Example Become Part of Our Trailblazing Community Resources Quiz Scenario Challenge +25 points Get help 
with this badge Provide feedback for this badge Build Community Through Learning and Networking Learning Objectives After completing this unit, you'll be 
able to: Connect your company with Workforce Navigators. Create a case for accessibility blockers. Become part of the community of trailblazers with 
disabilities. Join Our Community Connect At Salesforce, we take great pride in helping pave the way to a more inclusive workforce. We recognize that fostering a 
more diverse and inclusive culture is a journey. Building community through individual outreach and in partnership with other companies and organizations is a 
key part of this journey. And it begins with individuals in the community who can help build and make connections with Workforce Navigators. We work with 
workforce development organizations to train, certify, and place people with disabilities in the Salesforce ecosystem. For example, we have partnerships with 
nonprofits like the Blind Institute of Technology and BOSMA. The Blind Institute of Technology is a nationwide organization whose aim is to reduce the 
unemployment rate within the blind and visually impaired community. BOSMA is an organization that partners with businesses to create jobs and training 
programs for people who are blind. So what does “work with workforce development organizations” really mean? Let’s take a look. Akasia Parran has been 
legally blind for 5 years. The unmet need in her job search was accessible technology. As part of our partnership with the Blind Institute of Technology, Akasia 
had the opportunity to take a course that offers professionals with disabilities the chance to gain skills for meaningful employment. The Salesforce free online 
learning modules offer enhanced accessibility features. For Akasia, that meant that she was able to complete coursework and became a certified Salesforce 
Administrator in just 6 months. “I wouldn’t have a career without Salesforce’s continuing efforts to create accessible software.” —Akasia Parran To learn more 
about Akasia’s story, read Breaking Accessibility Barriers and Becoming a Salesforce Pro. As a collective whole, we know we can accomplish far more together 
than we ever could alone. The support we receive from our nonprofit partners helps us provide accessible accommodations across our entire Salesforce 
ecosystem. If you’re a professional with a disability pursuing Salesforce credentials, we want you to have the support you need to successfully complete the 
certification exams. To request an accommodation, follow the steps in this article. Be sure to work with your doctor ahead of time to identify what 
accommodations you need before submitting your request. And if you’re an HR practitioner looking to establish a workforce development program of your own, 
contact us at workforcenavigators@salesforce.com. We’re happy to share our learnings, which you can apply in your organization. As we mentioned, we want 
trailblazers with disabilities to have the resources they need to be successful in their roles. We do this by partnering with companies to upskill their employees, 
offering free digital training to the public, publishing resources, and more. The Workforce navigators talent pool is strong and made up of an incredible group of 
highly skilled and diverse individuals. If you’d like to hire from our network, contact us at Workforce Navigators. Partnership in Action Shirley is an HR manager 
who wants to find individuals with Salesforce certifications to fill a few open roles. And in parallel with her talent search, Shirley is building a new workforce 
development program to support professionals with disabilities. Salesforce Workforce Navigators welcomes companies who want to participate in the program 
and access the Workforce Navigators talent network of professionals. And HR professionals like Shirley can get information about nonprofit organizations that 
can help her establish training programs. She can also learn tips and approaches from the Salesforce program to apply at her company. Remove Barriers: Pave 
the Way for a More Inclusive Hiring Experience Earlier in this unit, we mentioned that achieving inclusion and accessibility is a journey. It’s important to 
recognize that every company is at a different stage of development for inclusion. As a Trailblazer with a disability or an advocate for inclusion, we can all play a 
positive role in helping to improve the landscape. Any one of us can be a change agent when we encounter a barrier to success. While most barriers are likely an 
oversight and not an intentional exclusion, it’s up to us all to drive culture changes that remove barriers and put in place best practices. If you feel you have 
experienced a barrier at any point in our hiring experience, we want to hear about it. Accessibility blockers on any software platform should be reported to the 
company’s accessibility team. If you find an accessibility blocker on the Salesforce platform, we welcome your feedback and have a system in place for 
reporting. Use this article to submit your accessibility issue and create a product accessibility support case. It’s also important to celebrate successes and best- 
in-class examples of inclusion and accessibility. View our events page for information about upcoming guest lectures. If you have a great story to share about 
your company, contact us to see if you can become part of our series. Next, let’s consider a scenario where an accessibility barrier prevented a professional from 
performing at their fullest potential. Accessibility Barrier Example Jack finds a great role posted online with a company that has a strong reputation for valuing 
diversity. Jack is a cybersecurity expert and has been deaf since birth. He applies online for the role and is asked to take a few online tests to move forward in the 
interview process. Excited to begin, he opens the first test and discovers there's a video he must watch and answer questions about. Unfortunately, the video 
does not have captions. He does poorly on the exam, and the results are not representative of his actual expertise and knowledge. After he completes the test, he 
reaches out to his hiring contact to let them know the challenges he encountered. As it turns out, they have a version with captioning, and Jack is able to retake 
the test and successfully continue with the hiring process as a top candidate. And going forward, the company institutes a new policy to embed captioning into 
all its training videos so that new hires have the option of turning on captioning, as needed. “Do the best you can until you know better. Then, when you know 
better, do better.” —Maya Angelou, American Poet Become Part of Our Trailblazing Community Regardless of where you are in your career journey as a job 
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seeker, or what roles you are looking to fill as a hiring manager, the Workforce Navigators program can give you a path to success. We can all learn together and 
pave a broader and deeper path for inclusion and accessibility. Let’s keep the momentum going and stay in touch to share opportunities for learning and career 
advancement while playing a part in fostering a culture of inclusion. We have a number of communities and groups you can join. Here’s just a few to get you 
started. Resource Use Contact Information Events/Guest Lecture Series Attend events or share your story. Workforce Navigators Admins with Disabilities Share 
and collaborate with Salesforce admins with disabilities. Admins with Disabilities Trailblazer Community Group DEAForce Join a group of deaf/hard of hearing 
Salesforce trailblazers who share a passion for Salesforce. DEAForce Trailblazer Community Group Disability Topics Discuss all things disability related. 
Disability Topics Trailblazer Community Group Start your own community group! Want to create a different group? Customize your own. Become a Trailblazer 
Community Group Leader Resources Vidyard: Salesforce Service Cloud Screen Reader Demo Quiz Scenario Remember Molly from unit 1? She just started a 
new job at a finance firm that uses the Salesforce platform. She uses screen magnification in combination with a screen reader to enlarge content on the screen 
and also have it spoken aloud. She sometimes has trouble using the mouse and is much faster using the keyboard to get work done. This is her first time using 
Salesforce, and she’s searching for a community where she can pick up tips and tricks while she works her way through Trailhead. Her onboarding included a 
list of Slack channels that she can join to support employees with disabilities. Her new company is part of the Salesforce ecosystem and a member of the 
Workforce Navigators Program, where they were able to access a talent pipeline of Salesforce trained candidates. Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/workforce-navigators-career-pathways-for-trailblazers-with- 
disabilities/15026ffbf3eb249ef0fe85c9ebaf3cdd_badge.png Workforce Navigators: Career Pathways for Trailblazers with Disabilities 100% Progress: 100% View 
more modules Skip to main content Public Key Infrastructure and Encryption Guard Data Transmission Time Estimate About 5 mins Topics Learning Objectives 
Encrypting Data Transmission with TLS Using a PKI Service Resources Challenge +25 points Get help with this badge Provide feedback for this badge Guard 
Data Transmission Learning Objectives After completing this unit, you'll be able to: Define transport layer security (TLS). Identify how public key infrastructure 
(PKI) secures data transmission. Encrypting Data Transmission with TLS One critical link in securing data transmission is to use transport layer security (TLS) to 
encrypt it. TLS is a cryptographic protocol designed to secure communications over a computer network. A protocol describes how the cryptographic algorithms 
should be used to secure information. Cryptographic protocols are used to secure transferred messages during application-level data transport. They are widely 
used in applications such as email, instant messaging, and voice over IP (VoIP). But their use as the security layer in Hypertext Transfer Protocol Secure (HTTPS) 
remains the most publicly visible instance for secure web browsing. Using a PKI Service Many organizations use internal services to simplify the process of 
getting certificates for TLS. If your organization has such a service, you should use it for provisioning and delivering the short-lived certificates to hosts and 
services upon which TLS relies. If your organization does not have an internal service, you should consider planning for or adopting a public key infrastructure 
(PKI) service. A PKI service simplifies the process of encryption by setting up a system for acquiring the certificates that TLS uses to authenticate identity. Let’s 
start by looking at how a PKI service works. PKI is a set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store, 
and revoke digital certificates and manage public-key encryption. Digital certificates establish your credentials when doing business or other transactions on the 
web. They are issued by a certification authority (CA) who vouches for their authenticity. In cryptography, a PKI is an arrangement that binds public keys with 
respective identities of entities (like people and organizations). A public key is the key your web browser uses to encrypt or scramble data into ciphertext, which 
is sent to a website. The data is then decrypted with a private key held by the entity that is authorized to view the data. The binding is established through a 
process of registration and issuance of certificates at and by a CA. A CA confirms the validity of a website's certificate and, therefore, verifies that the website 
itself is valid. Diagram that shows how the public key encrypts data on the client side and decrypts it on the server side In general, PKI provides “trust services.” 
Trust services is the process of ensuring the electronic identification of signatories and services. Trust service objectives respect one or more of the following 
capabilities: confidentiality, integrity, and authenticity. Confidentiality: Ensures that no entity can maliciously or unwittingly view your data in cleartext. Data is 
encrypted to make it secret so that even if it is read, it appears as gibberish. This is why the most common use of PKI for confidentiality purposes is in the 
context of TLS. Integrity: Ensures that if transmitted data is tampered with in any way, there is clear evidence that it happened. This traceability is a key trust 
objective of PKI systems. Authenticity: Ensures that you have connection certainty for authentication of data in transit on both the server-side and the client-side 
of the transmission. These trust services are why organizations use PKI services to generate certificates for data encryption over TLS. A certificate service is 
basically an organization of services surrounding a CA that allows it to issue, renew, and revoke certificates. Certificates are what pass a public key to computers 
that need to communicate securely using the PKI system. Your organization most likely has its own customized PKI service to generate the certificates you need 
to securely encrypt your data in transit using TLS. You should use that system to encrypt data in transit, so that you do not risk exposing yourself and your 
organization to attackers on the open internet who might wish to do you harm. Resources External Site: OWASP: Key Management Cheat Sheet Quiz Complete! 
+25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/public-key-infrastructure-and- 
encryption/471bf7e7c45e56d266393e49dabb05f3_badge.png Public Key Infrastructure and Encryption 100% Progress: 100% View more modules Skip to main 
content Public Key Infrastructure and Encryption Encrypt Data at Rest Time Estimate About 5 mins Topics Learning Objectives What Is Data at Rest? Use 
Encryption to Secure Organization Data at Rest Sum It Up Resources Challenge +25 points Get help with this badge Provide feedback for this badge Encrypt 
Data at Rest Learning Objectives After completing this unit, you'll be able to: Define the risks to data at rest. Explain encryption best practices to protect data at 
rest. What Is Data at Rest? Data at rest is the data housed on computer data storage in any digital form, whether it's in cloud storage, file hosting services, or 
databases. Data at rest can even include physical data stored in warehouses, spreadsheets, archives, or tapes. For the purposes of this module, data refers to 
electronic data. Depending on the core business of your organization, data at rest can be one of the most valuable assets you have. That’s why this type of data is 
subject to threats from attackers. To prevent this data from being accessed or stolen, organizations often employ security protection measures such as 
password protection, data encryption, or a combination of both. Let’s take a closer look at encryption of data at rest. Information protected by encryption both at 
rest and in transit. Use Encryption to Secure Organization Data at Rest Just as it’s crucial to encrypt data in transit, it’s also important to encrypt sensitive data at 
rest. This is to ensure that you handle private data securely, and that it stays private. Your goal when encrypting data at rest should be to implement a solution 
that prevents data visibility in the event of unauthorized access or theft. When protecting data at rest, you want to make sure that encrypted data remains 
encrypted when other controls fail. Sometimes this is done by combining network segmentation and increasing levels of encryption. Encrypting data on multiple 
levels is a good way to enhance its safety. At a minimum, you should: Implement cryptography on the database housing the data and on the physical devices 
where the databases are stored. Update data encryption keys on a regular basis. Store encryption keys separately from the data. Enable crypto-shredding at the 
end of the data or hardware lifecycle. Audit sensitive data at scheduled intervals. Store only the minimum amount of sensitive data. While there are many ways to 
configure encrypted data at rest systems, here are some basic best practices. Asymmetric cryptography (also known as public-key encryption) uses the difficulty 
of certain math problems to give you a pair of keys, each of which can be used to encrypt a message so that only the other key in the pair can decrypt it. That 
means anyone can use the public key to hide something, and only the holders of the private key can unlock it. The holders of the private key can also “sign” any 
message, and anyone in the world can use the public key to verify it was really signed by them. Asymmetric encryption is more secure than symmetric 
encryption as it uses two keys for the process. In a symmetric key system, the same key is used for both encryption and decryption, while in an asymmetric 
system, the encryption key is public and distinct from the decryption key, which is kept secret. Asymmetric cryptography tools include authentication tokens, 
Docker or Java’s JCA. Hardware security module (HSM) is hardware that holds private keys and it can be used without disclosing them. While it's running, you 
can put public-key encrypted information on one end and get decrypted information out of the other, and nobody can ever discover the private key. Defense in 
depth means applying controls at different layers of your technology stack so that you don’t rely on just one control to protect your data. One way to implement 
defense in depth when it comes to encryption is to combine your encryption capabilities with asymmetric cryptography and HSM. This means that even if parts of 
the system are compromised, it is still difficult to access all the data. Strong encryption methods include Advanced Encryption Standard (AES) or Rivest— 
Shamir—Adleman (RSA). These are both encryption standards used by governments, technology companies, and other organizations. The difference between 
them is that AES is a symmetric key system, and RSA is an asymmetric key system. This means that AES uses the same key for encryption and decryption, 
while RSA uses different keys to encrypt and decrypt data. Sum It Up In this module, you’ve learned more about protecting data transmission with TLS and PKI, 
and encrypting data at rest. Using these methods across the board minimizes the chance that attackers can access it. You can learn more about best practices in 
cybersecurity from real security practitioners by visiting the Cybersecurity Learning Hub on Trailhead. Resources External Site: National Institute of Standards 
and Technology (NIST): Advanced Encryption Standard (AES) External Site: NIST: Measuring and Improving the Effectiveness of Defense-in-Depth Postures Quiz 
Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/public-key-infrastructure-and- 
encryption/47 1bf7e7c45e56d266393e49dabb05f3_badge.png Public Key Infrastructure and Encryption 100% Progress: 100% View more modules Skip to main 
content Key Management Safeguard Production Secrets Time Estimate About 10 mins Topics Learning Objectives What Is a Key Management Solution? Why 
KMS? KMS Methodologies Key Management Terms Knowledge Check Resources Challenge +100 points Get help with this badge Provide feedback for this badge 
Safeguard Production Secrets Learning Objectives After completing this unit, you’ll be able to: Define key management solutions (KMS). Explain the value of 
using a KMS. Identify KMS methodologies. Define key management terms. What Is a Key Management Solution? Key management solutions (KMS) rely on a set 
of dedicated servers to administer a full lifecycle of cryptographic keys (keys used to encrypt data) and protect them from loss or misuse. KMS and other key 
management technologies ultimately control the generation, usage, storage, archival, and deletion of encryption keys. Additionally, to fully protect their loss or 
misuse, companies must limit access to these keys, either by restricting physical access or controlling user access by creating clear and defined user roles. 
Data encryption is the bedrock of cybersecurity. Encrypted data remains worthless ciphertext (encrypted or encoded text that is unreadable by humans or 
computers) to anyone who doesn't have access to the encryption keys. So, key management is—in turn—the key to encrypted data security. Keys unlock your 
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secrets, which means they pose a specific security risk if accessed by an unauthorized user. Somehow, you must keep track of the keys, decide who has access 
to them, and figure out how they can be accessed without being exposed. This is the central task of any KMS. Why KMS? KMS is designed to provide application 
owners a way to generate and manage cryptographic keys. These keys should be protected and managed in a secure and physical computing device—a 
hardware security module (HSM)—when possible. HSMs are designed and certified to be tamper-evident and intrusion-resistant, and they provide the highest 
level of physical security. Acommon mistake people make when encrypting data at rest is to use an inadequate key, or to store the key along with the encrypted 
data. This is the equivalent of leaving a key under the doormat of your house. It’s the first place a malicious actor looks for a key, and it puts your data in serious 
danger. Instead, make sure that keys only exist on devices in a transient state. That is, the user should enter them only so that the data can be decrypted and then 
erased from memory. A thief looks under the doormat of a house and finds the key. KMS Methodologies There are various KMS methodologies that centralize key 
generation, distribution, and management. These allow you to maintain control of what keys are in use and who is using them. Traditional Public-Key Solutions 
One reason keys have been difficult to manage is that in a traditional public-key solution, a key is typically assigned to an individual, server, or organization. This 
key works like a signature, validating that the data has come from the proper source. In this technology solution, keypairs persist for years at a time, so the key 
must be carefully guarded against disclosure. Anyone with access to the private key can counterfeit that person's digital signature. Transient-Key Solutions In 
transient-key solutions, the keypair is assigned to a brief interval of time, not to a particular person or entity. Data signed by a specific private key becomes 
associated with a specific time and date. A keypair is active only for a few minutes, after which the private key is permanently destroyed. Therefore, unlike public- 
key solutions, transient-key solutions do not depend upon the long-term security of the private keys. A KMS works as a transient-key solution. Larger 
organizations use a KMS with an HSM to provide a very high level of security. Key Management Terms Let’s talk about some cryptographic key terms you might 
encounter when working with KMS solutions. Password versus key: In Secrets Management for Developers, you learned about the difference between a 
password and a key. Remember that the primary difference between keys and passwords is that the latter are intended to be generated, read, remembered, and 
reproduced by a human user. A key, by contrast, is intended for use by the software that is implementing the cryptographic algorithm, so human readability is not 
required. In fact, most users will, in most cases, be unaware of the existence of the keys being used on their behalf by the security components of their everyday 
software applications. Symmetric versus asymmetric keys: Asymmetric key algorithms use separate keys for encryption and decryption, while symmetric key 
algorithms use a single key for both processes. Because an asymmetric algorithm uses multiple keys, the process takes longer to produce than a symmetric key 
algorithm does. However, the benefit is that an asymmetric algorithm is much more secure than a symmetric key algorithm. Cryptographic hash: This is a 
mathematical algorithm that maps data of arbitrary size to a bit array of a fixed size (the hash value, hash, or message digest). Hashing is a cryptographic 
process that can be used to validate the authenticity and integrity of various types of input. It is widely used in authentication systems to avoid storing plaintext 
passwords in databases, but is also used to validate files, documents and other types of data. Cryptographic salt: This is the random data used as an additional 
input to a one-way function that hashes data, a password, or a passphrase. Salts are used to safeguard passwords in storage. A KMS solution protects your 
secrets as follows: A developer uses KMS to create or store a secret using the KMS producer service. The producer generates a new secret, embeds 
authorization by attaching the set of services that are allowed to access it, and encrypts it. The developer receives the resulting encrypted blob to check-in to 
source control along with their application. The encrypted secret is deployed to production along with the application, where it is decrypted and exposed to code 
via an in-memory file system. Knowledge Check Ready to review what you’ve learned? The knowledge check below isn’t scored—it’s just an easy way to quiz 
yourself. To get started, drag the description in the left column next to the matching term on the right. When you finish matching all the items, click Submit to 
check your work. To start over, click Reset. Great work! Resources External Site: National Institute of Standards and Technology (NIST): Special Publication (SP) 
800-57 Part 1 Rev. 5: Recommendation for Key Management External Site: Fortinet: Encryption Quiz Complete! +100 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/key-management/ce404ed28c71e537d78988c3472596c5_badge.png Key Management 
100% Progress: 100% View more modules Skip to main content Key Management Manage Your Keys Time Estimate About 5 mins Topics Learning Objectives 
Key Management Lifecycle KMS Strategies Sum It Up Challenge +25 points Get help with this badge Provide feedback for this badge Manage Your Keys Learning 
Objectives After completing this unit, you’ll be able to: Define the key management lifecycle. Explain the different approaches to key management solutions 
(KMS). Key Management Lifecycle Now that you’ve learned how to keep your production secrets safe, let’s talk about the key management lifecycle and why it’s 
equally important for security. While there are many phases to this lifecycle, key management focuses on creating, maintaining, securing, and controlling the use 
of cryptographic keys. Monitoring this process allows you to assure that the keys are properly created and deployed. There are four phases to the key 
management lifecycle, which are important to securing production secrets. Key Creation and Activation Key Revocation Key Escrow (Backup) Key Deletion 
(Destruction) Let’s take a closer look at each. Key Creation and Activation A key manager creates the encryption key and stores it in a key storage database along 
with its attributes: name, activation date, size, and so forth. You can activate keys at creation or set them to activate later. Key Revocation Any key administrator 
can use the key manager to revoke a key. This places the key in an invalidated state and it can no longer be used for cryptographic purposes like encryption and 
decryption. If needed, you can reactivate revoked keys. An example of this may be when an old key is required to decrypt data previously encrypted with it. Key 
Escrow (Backup) Key escrow allows for keys to be securely archived when they deactivate. Much like key revocation, you can reactivate archived keys if 
required. Key Deletion (Destruction) When a key is no longer necessary or has become compromised, an admin may choose to delete it from the storage 
database. This removes all or certain instances from the database, making recovery impossible (outside of any stored backups). Should a key become 
compromised, an admin can immediately delete it, allowing your data to remain secure.A cycle with symbols of each phase of the key management lifecycle: 
creation and activation, revocation, escrow, and destruction KMS Strategies An organization can take one of several different approaches when it comes to key 
management strategies: decentralized, distributed, or centralized. Manage Your Keys—Decentralized (Local) A decentralized key management solution (DKMS) 
or local key management is an approach to key management where no central authority exists. Individuals bear all the responsibility for creating, securing, 
managing, and destroying cryptographic keys. An example of this is local backup encryption or a local file vault on a computer. Manage Your Keys—Distributed 
(Siloed) Another approach is to use a distributed or siloed key management approach, where you consolidate the management for a particular application or 
system. A common example of this is full disk encryption that is used in large enterprise organizations. The keys for the disk encryption are all managed by a 
central application that is used specifically for that one purpose. Manage Your Keys—Centralized There is also the option of using a dedicated and centralized 
KMS (CKMS). Distributed key management solutions become increasingly difficult to manage as your company grows. A CKMS can unify key management 
across your entire company allowing for scale with the needs of the business. Benefits of a CKMS include providing tamper-evident records for proof of 
compliance along with streamlining key management processes, automatic key updates, and backup and recovery options. It’s important to note that all of the 
above methods are available within the cloud, as well as your company’s on-premise system for key management. However, if scalability, auditing, and security 
are of high concern, CKMS is ideal. By managing keys in a centralized fashion, you reduce operational burdens and associated costs, while maintaining the 
confidentiality and integrity of your keys. Sum It Up In this module, you’ve been introduced to the phases of the key management lifecycle. You’ve also learned 
about different approaches to key management. Interested in learning more about cybersecurity best practices? Check out the Cybersecurity Learning Hub on 
Trailhead. Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/key- 
management/ce404ed28c71e537d78988c3472596c5_badge.png Key Management 100% Progress: 100% View more modules Skip to main content Mobile 
Application Security Implementation Implement Mobile Application Security Time Estimate About 10 mins Topics Learning Objectives Before You Start OWASP’s 
Mobile Security Resources Manage Security Risks with the OWASP Mobile Top 10 Sum It Up Resources Challenge +50 points Get help with this badge Provide 
feedback for this badge Implement Mobile Application Security Learning Objectives After completing this unit, you'll be able to: Identify the Open Web 
Application Security Project’s mobile security resources. List actions to address improper platform usage. Describe how to mitigate insecure data storage, 
communication, and authentication. Explain the risk associated with insufficient cryptography. Before You Start If you completed the Mobile Application Security 
module, then you already know about the mobile application (app) landscape and key skills relevant to mobile application security (appsec) engineering. Now 
let’s talk about how to leverage the Open Web Application Security Project’s (OWASP’s) mobile security resources to help you address mobile security risks. 
OWASP’s Mobile Security Resources OWASP2® is a nonprofit foundation that works to improve the security of applications (apps) and software by providing 
guidelines through local and global conferences and open source software projects. These include the OWASP Mobile Top 10 project, web app project, 
application programming interface (API) security project, serverless computing project, and much more. In this module, we use the OWASP Mobile Top 10 as a 
framework to explain the way to implement mobile appsec. As a mobile application security (appsec) engineer, your challenge is to secure an ever-growing and 
constantly updating mobile app portfolio with finite resources. Thankfully, you can standardize and scale mobile appsec testing using the OWASP Mobile 
Security Project. The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build 
and maintain secure mobile apps. You can use the OWASP’s mobile security resources to build efficient and effective mobile appsec programs. Let’s take a quick 
look at some of the OWASP’s mobile security resources. OWASP Mobile Application Security Verification Standard The OWASP Mobile Application Security 
Verification Standard (MASVS) is a standard for mobile appsec. As a mobile appsec engineer, you can use the MASVS to develop more secure apps, and to 
ensure completeness and consistency of security test results. The goal is to classify mobile security risks and provide developmental controls to reduce their 
impact or likelihood of exploitation. The MASVS maps directly to the OWASP Mobile Security Testing Guide (MSTG). OWASP Mobile Security Testing Guide The 
OWASP MSTG is a project that seeks to define the industry standard for mobile appsec. It covers the processes, techniques, and tools you can use during a 
mobile appsec test, and an exhaustive set of test cases that enables you to deliver consistent and complete test results. The OWASP MSTG is a comprehensive 
manual for mobile appsec testing and reverse engineering for iOS and Android mobile security testers. OWASP Mobile Top 10 The OWASP Mobile Top 10 list is a 
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great resource for mobile appsec engineers who want to design and secure mobile apps, because many of them are inherently vulnerable to security risks. The 


OWASP Mobile Top 10 is a mobile security project focused on highlighting security vulnerabilities in mobile apps and the remediation strategies to mitigate the 
risk associated with them. This list sheds light on technical threats and highlights the risk to the business. Note that this list only covers some of the potential 
vulnerabilities that can be present in a mobile application and it is not comprehensive. Here are the OWASP Mobile Top 10 Risks. M1: Improper Platform Usage 
M2: Insecure Data Storage M3: Insecure Communication M4: Insecure Authentication M5: Insufficient Cryptography M6: Insecure Authorization M7: Poor Code 
Quality M8: Code Tampering M9: Reverse Engineering M10: Extraneous Functionality Manage Security Risks with the OWASP Mobile Top 10 Let’s take a look at 
how you, as a mobile appsec engineer, can use the OWASP Mobile Top 10 to help better manage security risks in your mobile apps. Angeli is an Android 
operating system (OS) mobile appsec engineer at a multinational software corporation that develops enterprise mobile apps to manage business operations and 
customer relations. Angeli holding a mobile device with a shield and a checkmark on it Angeli has been tasked with using the OWASP Mobile Top 10 to evaluate 
her organization’s mobile apps and verify that they’re secure. Let’s follow along as she does so. Note The scenarios below describe examples of each risk but do 
not represent an exhaustive list of issues that could occur under each risk. M1: Improper Platform Usage This risk covers the misuse of a mobile OS feature or a 
failure to use platform security controls properly. It might include Android intents, platform permissions, misuse of biometric authentication mechanisms, 
password storage tools, or some other security control that’s part of the mobile OS. During the evaluation of several of her company’s Android apps, Angeli 
notices that many of them are storing cryptographic keys on the file system. Because cryptographic keys are commonly used to secure particularly sensitive 
data they are a primary target for attackers. An unauthorized user could use a variety of attacks to read the keys from the file system. Angeli knows that storing 
cryptographic material on the standard file system is against Android’s best practices and that her organization is at risk of improper platform usage. She circles 
back with the development team to help them implement a solution using the Android keystore system to store the cryptographic keys as securely as possible. 
M2: Insecure Data Storage This risk covers a case where an adversary attains a lost or stolen mobile device or executes malware or another repackaged app on 
the mobile device. Angeli evaluates the organization’s apps for this risk, and realizes that an app is storing usernames and credentials in plain text in system 
logs. She circles back with the application development team to see if they performed a threat model on the app prior to release, in order to identify insecure 
storage as a possible risk. Noticing they did not perform one, she recommends that the application development manager incorporate threat modeling into the 
development process so that these bugs are identified before release. Angeli further recommends that the development team identify sensitive data that the app 
processes, stores, or transmits, and validate that the data isn’t unnecessarily exposed. Lastly, Angeli informs the development team to create and implement a 
plan as soon as possible for remediating and redeploying the mobile app. Angeli works with the development team to perform a root cause analysis to uncover 
why the vulnerability was not identified before deployment. M3: Insecure Communication This risk covers a case where a threat agent might exploit 
vulnerabilities to intercept sensitive data while it’s traversing the mobile device’s carrier network and the internet. This can occur if an adversary compromises or 
monitors your local Wi-Fi network, or if there’s malware on your mobile device capturing the sensitive data in transit. In evaluating her organization’s mobile apps 
for this risk, Angeli realizes that one of the apps fails to verify that the certificate offered is valid, and instead unconditionally accepts any certificate offered to it 
by the server. This destroys any mutual authentication capability between the mobile app and the endpoint, and leaves the app vulnerable to manipulator-in-the- 
middle (MITM) attacks through a transport layer security (TLS) proxy. An MITM attack occurs when a perpetrator positions themselves in a conversation between 
two parties, such as a user and an application. The intention is to either eavesdrop or to impersonate one of the parties by making it appear as if a normal 
exchange of information is underway and capturing sensitive data. To address this risk, Angeli works with the app development team to ensure the app only 
establishes a secure connection after verifying the identity of the endpoint server using trusted certificates in the keystore. M4: Insecure Authentication This risk 
covers a case where a threat agent exploits authentication vulnerabilities through attacks that use available or custom-built tools. In evaluating the organization’s 
mobile apps for this risk, Angeli realizes that an app uses a weak password configuration policy to simplify how the user enters a password. She works with the 
application development team to replace the 4-digit personal identification number (PIN) currently allowed as an authentication credential with a stronger 
authentication mechanism, to make it more difficult for adversaries to deduce the password. M5: Insufficient Cryptography This risk covers a case where a threat 
agent has physical access to data that’s been encrypted improperly, or uses mobile malware to take advantage of insufficient encryption on a mobile device. In 
evaluating her organization’s mobile apps for this risk, Angeli discovers that an app uses the Data Encryption Standard (DES) algorithm, which has been shown 
to have significant weaknesses. She works with the application development team to re-engineer the app to instead follow the National Institute of Standards and 
Technology (NIST) guidelines on recommended algorithms. Sum It Up Angeli’s organization is on the road to having more secure apps—but her work here isn’t 
done. In the next unit, find out how Angeli protects her organization’s apps against the rest of the Mobile Top 10. Resources Trailhead: Mobile Application 
Security External Site: OWASP: Who is the OWASP® Foundation? External Site: OWASP Mobile Top 10 External Site: OWASP mobile security External Site: 
GitHub: OWASP/owasp-masvs Quiz Complete! +50 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/mobile-application-security- 
implementation/0adb0095592894c0e1f31565aff8318a_badge.png Mobile Application Security Implementation 100% Progress: 100% View more modules Skip to 
main content Mobile Application Security Implementation Address Mobile Application Risks Time Estimate About 10 mins Topics Learning Objectives Address 
Mobile Risks Knowledge Check Sum It Up Resources Challenge +50 points Get help with this badge Provide feedback for this badge Address Mobile Application 
Risks Learning Objectives After completing this unit, you’ll be able to: Describe how to address insecure authorization. List actions to improve code quality. 
Explain how to mitigate code tampering. Identify reverse engineering risks. Describe how to prevent extraneous functionality risks. Address Mobile Risks Let’s 
continue to follow Angeli as she works to secure her organization’s mobile apps, using the Open Web Application Security Project (OWASP) Mobile Top 10 as a 
guide. M6: Insecure Authorization This risk covers a case where a threat agent exploits authorization vulnerabilities through attacks that use available or custom- 
built tools. It’s important to recognize the difference between authentication and authorization. Authentication is the act of identifying an individual. Authorization 
is the act of confirming that the identified individual has the permissions necessary to perform the act. The two are closely related, as authorization checks 
should always immediately follow authentication of an incoming request from a mobile device. Upon inspecting the organization’s applications (apps) carefully, 
Angeli discovers that authorization decisions are being executed locally on the client-side of the mobile app during the authentication request. This could lead to 
a situation where an adversary could tweak an incoming request and masquerade as a member of a group they don’t belong to, to gain access to administrative 
functionality. Angeli works with the developers to update the app to authorize the roles and permissions of authenticated users using only information contained 
in back-end systems. She reminds them it’s important to avoid relying on any roles or permission information that comes from the mobile device itself. An 
attacker holding a key and holding up a masquerade mask gaining access to an app on a mobile phone M7: Poor Code Quality This risk covers the case where a 
threat agent passes untrusted inputs to method calls (operators used to call self-contained blocks of code that perform a specific task) made within mobile code. 
Threat actors typically exploit these poor code quality issues via malware or phishing scams. Working with the mobile app pen testing team, Angeli learns that 
the team has been able to exploit a buffer overflow vulnerability in one of the organization’s apps. The exploit allows them to write into areas known to hold 
executable code and replace it with malicious code. She works with the development team to reengineer the code by marking certain regions within the code as 
nonexecutable—a technique known as executable space protection. They also implement bounds checking to automatically check that data written to a buffer is 
within acceptable boundaries. Finally, Angeli works with the team to implement an automated process to identify future buffer overflows through the use of third- 
party static analysis tools. M8: Code Tampering This risk covers the case where the organization’s apps do not implement code signing. The lack of code signing 
allows an attacker to tamper with the app’s code. Typically, this attack occurs when an attacker tweaks a legitimate app’s code after downloading it from a popular 
app store. The attacker modifies the app to include malicious code then uploads it to a lesser known third-party app store, where an unsuspecting user 
downloads it. Angeli discovers that an attacker has created a counterfeit version of one of her organization’s apps. The counterfeit version captures and 
transmits the user’s personally identifiable information (PII), along with their username/password, to a third-party site. This allows the attacker to use the 
information for fraudulent purposes. Angeli contacts both app stores to inform them of the fraudulent use. She provides her app’s signature (distinctive, pattern- 
based detection methods which use expressions or marks for identifying app traffic), so the store can verify that her company is the legal owner of the app. They 
remove the unauthorized copies of the app from their stores, replacing it with the signed version. Angeli puts in place a plan to continually monitor the major app 
stores to check for any new unauthorized versions that have been published, and to submit new reclaiming requests on a regular basis. M9: Reverse Engineering 
This risk covers the case where an attacker downloads the targeted app from an app store and analyzes it within their own local environment using a suite of 
different tools to see how it works. The attacker uses reverse engineering to reveal sensitive and unencrypted information about back-end servers, cryptographic 
constants and ciphers, intellectual property, and more. Working with the mobile app pen testing team to evaluate one of the organization’s apps, Angeli discovers 
that an attacker would be able to run strings against the unencrypted app and find a hard-coded connection string that contains authentication credentials to a 
back-end database. An attacker could use those credentials to gain access to the database and steal Pll data about the app’s users. Angeli consults with the 
development team on a remediation, and they decide to remove the hard-coded connection string and replace the functionality with a server side access 
controlled API to provide the required data to the application. M10: Extraneous Functionality This risk covers the case where an attacker seeks to understand 
extraneous functionalities or unnecessary components within a mobile app to discover hidden functionality in back-end systems. The attacker can typically 
exploit extraneous functionality directly from their own systems without any involvement by end users. Working with the organization's pen testing team, Angeli 
discovers that the mobile app developers included backdoor functionality in one of the organization’s apps that was not intended for release into production 
environments. An attacker could discover this functionality and use it to execute back-end administrative functions. To prevent this from happening in the future, 
Angeli works with her organization to implement manual, secure code reviews using subject matter experts most knowledgeable with this code. The subject 
matter experts make sure to examine the app’s configuration settings to discover any hidden switches, remove test code from the final production release, and 
examine all application programming interface (API) endpoints accessed by the mobile app to verify that they’re well documented and publicly available. They 
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also examine log statements to ensure nothing overly descriptive about the back end is being written to the logs. Thanks to the OWASP Mobile Top 10, Angeli’s 


organization is now much more secure. Knowledge Check Ready to review what you’ve learned? The following knowledge check isn’t scored; it’s just an easy 
way to quiz yourself. To get started, drag the description in the left column next to the matching term on the right. When you finish matching all the items, click 
Submit to check your work. If you’d like to start over, click Reset. Great work! Sum It Up Now that you understand how to use the OWASP Mobile Top 10 to 
mitigate mobile application security (appsec) risks, let’s turn to testing mobile apps next. Resources External Site: OWASP Mobile Top 10 External Site: Medium: 
Method calls and how they work Quiz Complete! +50 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/mobile-application-security- 
implementation/0adb0095592894c0e1f31565aff8318a_badge.png Mobile Application Security Implementation 100% Progress: 100% View more modules Skip to 
main content Mobile Application Security Implementation Test Mobile Applications Time Estimate About 10 mins Topics Learning Objectives Static and Dynamic 
Application Security Testing Interactive Application Security Testing and Runtime Application Self-Protection Sum It Up Resources Challenge +25 points Get help 
with this badge Provide feedback for this badge Test Mobile Applications Learning Objectives After completing this unit, you'll be able to: Identify the differences 
between static application security testing and dynamic application security testing. Define interactive application security testing and runtime application self- 
protection. Static and Dynamic Application Security Testing As mobile applications (apps) continue to grow as an attack vector, your organization should 
prioritize mobile application security (appsec) to fortify its overall security posture. Adversaries employ both static attacks based on source code itself and 
dynamic attacks that exploit app functionality. Understanding and remediating mobile app vulnerabilities in your code is vital for your mobile appsec program. 
Mobile appsec testing is the process of analyzing mobile apps to find security weaknesses, such as misconfigurations or vulnerabilities. Testing your apps 
regularly decreases the chance of vulnerabilities occuring or being exploited. Static application security testing (SAST) and dynamic application security testing 
(DAST) are the most popular evaluation techniques available to you in order to secure mobile apps during the software development lifecycle (SDLC). Static 
Application Security Testing SAST is about the prevention of defects, whereas DAST is about finding and fixing the defects. While you perform SAST testing in 
the early stages of the SDLC, before deploying code into production environments, you perform DAST later in the lifecycle. Static and dynamic testing 
complement one another, and each type has a distinct approach to detecting bugs. You use SAST to analyze source code for known vulnerabilities as a form of 
white-box testing that scans and analyzes source code at rest from the inside out. SAST is programming-language dependent. You perform SAST to check the 
defects in software without actually executing the code of the mobile app. SAST tooling scans the source code looking for potentially vulnerable patterns and 
provides a list of results that then are triaged to weed out false positives. A false positive is a mislabeled security vulnerability indicating there is a threat when, in 
actuality, there isn't. A hand holding a mobile phone with an SAST checklist on the screen SAST is often referred to as verification: the evaluation of the 
development process. Though the most mature and easiest to deploy of the appsec testing tools, SAST scans are slow and often prone to high false-positive 
rates when identifying potential vulnerabilities. Dynamic Application Security Testing DAST is a form of black-box testing you perform by executing the mobile 
app’s code. You use it to look for vulnerabilities by simulating external attacks on an application while it runs in a test environment. You use DAST to penetrate an 
application from the outside by checking its exposed interfaces for weaknesses. In DAST, you work with the actual mobile app, not some artifact or model that 
represents the system. You provide an input, receive output, and compare the output to the expected behavior. You use test cases for testing processes and 
study how the code behaves during execution. DAST is often referred to as validation: the evaluation of a finished product. You do this testing as one of the last 
steps before deployment in a test environment, and after code deployment. As a result, fixing problems at this stage becomes more expensive because the 
product is actively in use. DAST is programming-language agnostic and is a good method for preventing regressions. However, it’s hard to automate and scale 
because you need experienced security professionals to tailor these test tools to specific use cases, making it more difficult to create a comprehensive testing 
strategy for each app. DAST also cannot pinpoint the exact source of the problem (for example, the line of code). Furthermore, it can generate a lot of false 
positives. Examples of methodologies for dynamic testing are unit, integration, system, and acceptance testing. Unit Testing: Testing of individual modules by 
developers Integration Testing: Testing the interface between different modules when they are joined System Testing: Testing performed on the system as a 
whole Acceptance Testing: Testing done from the user’s point of view The following table summarizes the differences between SAST and DAST. Attribute SAST 
DAST Execution Happens without the execution of code Involves execution of the code Examination Examines code manually or with an SAST tool Examines 
code by giving a set of inputs to see if the output matches the expected results Time Occurs early on throughout the development of the product Happens after 
the product has been developed Types of Defects Detects missing requirements, design defects, syntax errors, and more Detects if output matches the expected 
values Testing Techniques Involves informal reviews, technical reviews, walkthroughs, inspections, and static code reviews Involves unit, integration, system, 
and acceptance testing Type Prevention Cure Cost Is more cost effective Is comparatively more expensive While both tools have their advantages and 
disadvantages, using them in tandem—along with interactive application security testing (IAST) and runtime application self-protection (RASP)—helps 
strengthen your app’s security, one testing technique at a time. Let’s take a look! Interactive Application Security Testing and Runtime Application Self-Protection 
Interactive Application Security Testing SAST and DAST only provide a snapshot in time of a mobile app’s security weaknesses. These tools alone can’t keep up 
with today’s agile SDLC processes. This means that development, operations, and security teams are often one step behind as they develop, test, and transition 
software into production environments. To make it easier for businesses, appsec tool manufacturers realized that SAST and DAST techniques could be merged 
together to create better, more efficient tools that would include the advantages of both. This is how interactive application security testing (IAST) was born. IAST 
analyzes code for security vulnerabilities while the app is run by an automated test, human tester, or any activity “interacting” with the app functionality. While 
DAST provides an outside perspective on the app before it goes live, IAST uses software instrumentation (an ability to monitor or measure the level of a 
product's performance and diagnose errors) to analyze running apps. IAST techniques cover more code, produce better results, and verify a broader range of 
security rules faster than either SAST or DAST tools working alone. IAST solutions deploy agents and sensors in running apps and continuously analyze all app 
interactions initiated by manual tests, automated tests, or a combination of both, to identify vulnerabilities in real time. If a vulnerability is detected, the tester or 
testing team is notified. This analysis allows developers to pinpoint the source of an identified vulnerability and fix it quickly. IAST also produces less false 
positives and false negatives (misidentified security vulnerabilities that claim you don’t have vulnerability when you do) than SAST and DAST, decreasing the 
workload on scarce security resources and making it easier to identify the most critical flaws. IAST tools are not confined to a particular phase of the SDLC. Even 
though they deliver a lot of value during the development phase, because they help developers fix risks in real time, IAST tools are incredibly useful during the 
testing phase as well. They’re also valuable when the system is in production, because operations and appsec teams can benefit from the risk detection, with 
little performance hit and little risk of false positives. While [AST tools can provide good benefits, they also are more complex to implement correctly and require 
mature security development practices and comprehensive build integration in order to recognize their benefits. Runtime Application Self-Protection While [AST 
monitors an app for security vulnerabilities while it’s running, runtime application self-protection (RASP) monitors an app to detect and prevent fraudulent 
activities even before it runs, effectively protecting the app from both known and unknown (zero-day) attack vectors. You can use RASP to gain insight into an 
app’s internal data and state, and identify threats at runtime that may have otherwise been overlooked by other security solutions. When an app begins to run, 
RASP can protect it from malicious input or behavior by analyzing both the app's behavior and the context of that behavior. One advantage of RASP is that it 
requires minimal intervention of an administrator during deployment. When a security event in an app occurs, RASP takes control of the app and addresses the 
problem. In diagnostic mode, RASP will simply sound an alarm that something is amiss. In protection mode, it will try to stop it. For this reason, RASP can be 
beneficial to businesses with lean security resources because it can automatically block attacks on the spot without the need for human intervention. It’s 
important to first implement RASP in diagnostic mode, to observe how the tool makes decisions, before implementing protection mode. You likely use other 
technologies such as intrusion prevention systems (IPS) and web application firewalls (WAF) to protect your apps at runtime, but these technologies work in-line 
as they inspect network traffic and content. Although they analyze traffic and user sessions to and from apps, they cannot see how traffic and data are being 
processed within apps themselves. Additionally, instead of analyzing preset signatures or known patterns based on commonly known attacks, as a WAF would, 
you can use RASP to look for suspicious actions taking place in the app. Sum It Up You now have a better understanding of how to use SAST, DAST, IAST, and 
RASP to test and secure your mobile apps. Next, let’s turn to how to use network and mobile app penetration testing (pen testing) to further secure them. 
Resources Trailhead: Secure Development Lifecycle Trailhead: Responsibilities of a Penetration Tester PDF: National Institute of Standards and Technology 
(NIST): Guidelines on Minimum Standards for Developer Verification of Software External Site: Microsoft: Tracing and Instrumenting Applications External Site: 
Gartner: Runtime Application Self-protection (RASP) Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/mobile- 
application-security-implementation/0adb0095592894c0e1f31565aff8318a_badge.png Mobile Application Security Implementation 100% Progress: 100% View 
more modules Skip to main content Mobile Application Security Implementation Implement Network and Mobile Application Pen Testing Time Estimate About 5 
mins Topics Learning Objectives Network Testing Mobile Application Pen Testing Sum It Up Resources Challenge +25 points Get help with this badge Provide 
feedback for this badge Implement Network and Mobile Application Pen Testing Learning Objectives After completing this unit, you’ll be able to: Explain network 
testing. Describe mobile application penetration testing. Network Testing Mobile devices regularly connect to a variety of networks, including public Wi-Fi 
networks shared with other (potentially malicious) clients. This creates opportunities for a wide variety of network-based attacks ranging from simple to complex 
and old to new. Therefore, it’s vital to maintain the confidentiality, integrity, and availability (CIA) of information exchanged between the mobile application (app) 
and remote service endpoints. One best practice is to verify your mobile app sets up a secure, encrypted channel for network communication using the latest 
version of transport layer security (TLS) protocol with appropriate settings. Network security specialists, pen testers, and mobile application security (appsec) 
engineers conduct regular pen testing and vulnerability checks to enable smooth and secure functioning of mobile apps. They test how the app performs under 
various network types, connection speeds, and quality levels including slow and interrupted connections. They also attempt to circumvent the security of the app 
by trying to exploit the app’s functionality through pen testing. Mobile Application Pen Testing A mobile app pen test emulates an attack specifically targeting a 
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custom mobile app and aims to enumerate all vulnerabilities within the app. Pen testing can be used across the entire spectrum of an IT infrastructure, including 


network, web application, and database. But today, we also see pen testing used widely for another segment: mobile appsec. You perform pen tests of mobile 
apps for security vulnerabilities by using either manual or automated techniques to analyze the app. You use these techniques to identify security flaws that may 
occur in the mobile app. Your purpose in pen testing is to ensure that the mobile app is not vulnerable to attack and that mitigations are in place to prevent 
exploitation. Pen testing requires a diligent effort to find weaknesses, just like an attacker would. You perform deep-dive testing into local on-device security 
issues, back-end web services, and the application programming interfaces (APIs) that connect them. You customize assessments to specific concerns, such as 
reverse engineering an iOS app or malware threats to an Android app. During pen testing, you simulate multiple attack vectors and risks, including insecure 
storage, stolen device risk, mobile malware attacks, and both authenticated and unauthenticated app users. By conducting pen testing, you can gain insights into 
the application’s vulnerabilities, bottlenecks, and attack vectors before an adversary is able to discover and exploit them. This way, once you identify an app’s 
shortcomings, your developers can put in fixes to plug these gaps and change the design to address the issues at hand. Broadly speaking, mobile app pen 
testing methodologies include the following stages. Discovery: You gather information, which will further form the basis of the pen testing phases. Assessment 
and analysis: You assess the app using static application security testing (SAST), reverse engineering, dynamic application security testing (DAST), and more. 
Exploitation: You find hidden cues which can successfully shed light on different vulnerabilities. Reporting: You report the findings via technical reports and 
executive-level papers. Sum It Up In this module, you’ve been introduced to the OWASP Mobile Top 10 as a way to identify and mitigate mobile appsec risks. 
You’ve also learned how to test mobile apps using a variety of techniques. Along with the information you reviewed in the Mobile Application Security module, 
you should now have a better understanding of what it takes to be a mobile appsec engineer. You can learn more about the in-demand cybersecurity skills 
needed to get a job in mobile appsec, or another field, and learn more from real security practitioners by visiting the Cybersecurity Learning Hub on Trailhead. 
Resources Trailhead: Network Security Planning Trailhead: Vulnerability Assessment External Site: GitHub: Awesome Penetration Testing External Site: Yes We 
Hack: Getting Started with iOS Penetration Testing (Part 1) Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/mobile-application-security- 
implementation/0adb0095592894c0e1f31565aff8318a_badge.png Mobile Application Security Implementation 100% Progress: 100% View more modules Skip to 
main content Risk and Safeguard Modeling and Evaluation Score Risks Time Estimate About 10 mins Topics Learning Objectives Before You Start Identify 
Information Assets, Safeguards, and Vulnerabilities Evaluate Current Safeguard Maturity Automatically Score Risks Knowledge Check Sum It Up Resources 
Challenge +50 points Get help with this badge Provide feedback for this badge Score Risks Learning Objectives After completing this unit, you’ll be able to: 
Identify information assets, Safeguards, and vulnerabilities. Evaluate current Safeguard Maturity. Describe how the Center for Internet Security, Inc.’s (CIS®) Risk 
Assessment Method (RAM) automatically scores risks. Note This module was produced in collaboration with the CIS. Learn more about partner content on 
Trailhead. Before You Start If you completed The Center for Internet Security's Risk Assessment Method module, then you already know how to develop Risk 
Assessment and Acceptance Criteria. Now let’s talk about how to use the Center for Internet Security, Inc.’s (CIS) Risk Assessment Method (RAM) to model and 
evaluate risks and recommend and evaluate CIS Safeguards. Note Throughout this module, we capitalize common words when referring to a specific component 
of CIS RAM Version 2.1. Identify Information Assets, Safeguards, and Vulnerabilities As a cybersecurity risk manager, you can model risks by associating 
information assets with the CIS Safeguards that protect them, the vulnerabilities that may be present, and the threats that can compromise these information 
assets. CIS RAM helps analyze risk by describing the component steps regardless of sequence. Identify an information asset or asset class, such as a specific 
firewall or a set of similarly managed firewalls, an application, or a set of identically configured servers, and more. Identify threats that can compromise the 
Confidentiality, Integrity, and Availability (CIA) of those information assets or Asset Classes. List CIS Safeguards that protect the information asset or Asset Class 
against foreseeable threats. Indicate if you have implemented the CIS Safeguards in the environment and how you have implemented them. Consider any 
vulnerabilities that may exist related to each Safeguard and Asset Class. You, as a cybersecurity risk manager, should take care to consider what can go wrong, 
even if you have implemented Safeguards. Safeguards can have vulnerabilities such as errors in administration, new threats, intentional harm, failed systems, 
and insufficient skills or resources. Let’s check in with Sean, the risk assessor at Custom Car Company (CCC), as he continues to fill out his Risk Register in CIS 
RAM for Implementation Group 2 (IG2) Version 2.1 (v2.1) Companion Workbook. Sean filling out his Risk Register using CIS RAM for IG2 v2.1 Companion 
Workbook Using the workbook, Sean first selects an Asset Class such as Enterprise, Devices, Applications, Data, Network, or Users. Next, he describes the 
Asset Name. He selects the CIS Safeguard # and Title that applies to the Asset Class he selected. He then documents how CCC has implemented that Safeguard, 
including optionally adding Evidence of Implementation, and states any Vulnerabilities that may be exploited by a threat. Note This table represents just a few 
examples of the information Sean inputs. Asset Class Applications Applications Applications Asset Name CarCore CarCore CarCore CIS Safeguard # 2.1 2.2 2.3 
CIS Safeguard Title Establish and Maintain a Software Inventory Ensure Authorized Software is Currently Supported Address Unauthorized Software Our 
Implementation We use a software asset management tool that monitors for applications installed on all servers and end-user systems. A software asset 
management tool validates that installed applications are currently supported and that the organization implements current versions. The software asset 
management tool identifies installed applications that were not permitted and alerts the Operations (Ops) team. The Ops team removes unapproved applications 
within 5 business days. Vulnerabilities We track the deployment of installed software (including type, version, and patches); however, we have no method to 
automatically scan, download, and deploy vendor-specific patches. None observed. Users have administrative rights to install software on their laptops, but we 
don’t enforce security reviews on that software before installation. Now that Sean has documented CCC’s assets, associated CIS Safeguards, and Vulnerabiliites, 
he next turns to evaluate the current maturity of CIS Safeguards at CCC. Evaluate Current Safeguard Maturity As the next step in evaluating risks, Sean selects a 
score of 1 through 5 designating the reliability of each Safeguard’s effectiveness against threats, using the following definitions. He did not implement the 
Safeguard, or implemented it inconsistently. He implemented the Safeguard fully on some assets, or partially on all assets. He implemented the Safeguard on all 
assets. He tested the Safeguard and corrected inconsistencies. He has put in place mechanisms for the Safeguard to ensure consistent implementation over 
time. He populates the Safeguard Maturity Score column in the risk register with his selections. Asset Class Applications Applications Applications Asset Name 
CarCore CarCore CarCore CIS Safeguard # 2.1 2.2 2.3 CIS Safeguard Title Establish and Maintain a Software Inventory Ensure Authorized Software is Currently 
Supported Address Unauthorized Software Our Implementation We use a software asset management tool that monitors for applications installed on all servers 
and end-user systems. The software asset management tool validates that installed applications are currently supported and that the organization has 
implemented current versions. The software asset management tool identifies installed applications that were not permitted and alerts the Operations (Ops) 
team. The Ops team removes unapproved applications within 5 business days. Vulnerabilities We track the deployment of installed software (including type, 
version, and patches); however, we have no method to automatically scan, download, and deploy vendor-specific patches. None observed Users have 
administrative rights to install software on their laptops, but we don’t enforce security reviews on that software before installation. Safeguard Maturity Score 3 5 4 
Automatically Score Risks The VERIS Community Database Index Sean now has documented CCC’s assets, their associated Vulnerabilities, and the maturity of 
CCC’s current CIS Safeguard implementation in protecting against those Vulnerabilities. CIS RAM Version 2.1 (v2.1) Companion Workbook automatically 
calculates a value to represent how commonly a related threat causes reported cybersecurity incidents. The VERIS Community Database (VCDB) Index column 
displays this number. This score evaluates the commonality of a threat that a given Safeguard prevents. Expectancy Score CIS RAM v2.1 Companion Workbook 
also automatically calculates an Expectancy Score by comparing the commonality of reported threats to the maturity of the Safeguards that prevent the threats. 
Note For more detailed information on how the CIS RAM Version 2.1 (v2.1) Companion Workbook calculates the Expectancy Score, see Appendix C of the CIS- 
RAM for Implementation Group 2 (IG2) v2.1 PDF. Impacts Recall that in The Center for Internet Security's Risk Assessment Method module, Sean defined Mission 
Impact, Operational and Financial Objectives Impact, and Obligations Impact for each Asset Class (Enterprise, Devices, Applications, Data, Network, Users), as 
part of the process of estimating inherent risk criteria. The CIS RAM v21 Companion workbook automatically populates these magnitudes of harm. Risk Score 
and Risk Level Once Sean populates the Safeguard Maturity Score column of CIS RAM v2.1 Companion Workbook, the workbook automatically populates Risk 
Score and Risk Level. The workbook calculates the Risk Score by multiplying the Expectancy Score by the highest Impact Score. The resulting Risk Level is 
either green, yellow, or red. These colors indicate whether the risk evaluated as “acceptable” as Sean described it in his Risk Acceptance Criteria in the previous 
module. Green indicates that the risk evaluates as acceptable. Yellow indicates that the risk is unacceptably high, but not urgent. Red indicates that the risk is 
urgent. Sean’s completed Risk Register now looks like this: Asset Class Applications Applications Applications Asset Name CarCore CarCore CarCore CIS 
Safeguard # 2.1 2.2 2.3 CIS Safeguard Title Establish and Maintain a Software Inventory Ensure Authorized Software is Currently Supported Address 
Unauthorized Software Our Implementation We use a software asset management tool that monitors for applications installed on all servers and end-user 
systems. A software asset management tool validates that installed applications are currently supported and that the organization has implemented current 
versions. AppXYZControl identifies installed applications that were not permitted and alerts the Operations (Ops) team. The Ops team removes unapproved 
applications within 5 business days. Vulnerabilities We track the deployment of installed software (including type, version, and patches); however, we have no 
method to automatically scan, download, and deploy vendor-specific patches. None observed Users have administrative rights to install software on their 
laptops, but we don’t enforce security reviews on that software before installation. Safeguard Maturity Score 3 5 4 VCDB Index 2 2 2 Expectancy Score 2 1 2 
Impact to Mission 4 4 4 Impact to Operational Objectives 2 2 2 Impact to Financial Objectives 4 4 4 Impact to Obligations 5 5 5 Risk Score 10 5 10 Risk Level 
Yellow Green Yellow Knowledge Check Ready to review what you’ve learned? The knowledge check below isn’t scored—it’s just an easy way to quiz yourself. To 
get started, drag the description in the left column next to the matching term on the right. When you finish matching all the items, click Submit to check your 
work. If you’d like to start over, click Reset. Sum It Up Sean now has a better understanding of the Risk Levels associated with each Asset Class at CCC. Next, 
let’s follow along with Sean as he plans his Risk Treatment activities, prioritizing higher value risks over lower value risks. Resources Trailhead: The Center for 
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Internet Security's Risk Assessment Method External Site: CIS: Download the CIS Critical Security Controls External Site: CIS: Download the CIS Risk 


Assessment Methodology (RAM) Family of Documents Quiz Complete! +50 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/risk- 
and-safeguard-modeling-evaluation/ba3f75b1cacfdbc05aa099807dc8e22c_badge.png Risk and Safeguard Modeling and Evaluation 100% Progress: 100% View 
more modules Skip to main content Visual Remote Assistant See What the Customer Sees Time Estimate About 20 mins Topics Learning Objectives Meet the 
Ursa Major Solar Team Make Service Easier and Safer for Customers Visual Remote Assistant in Action Resources Challenge +25 points Get help with this 
badge Provide feedback for this badge See What the Customer Sees Learning Objectives After completing this unit, you’ll be able to: List the benefits of Visual 
Remote Assistant. Describe how a technician or agent uses Visual Remote Assistant. Meet the Ursa Major Solar Team Ursa Major Solar is an innovative solar 
company in the American Southwest. It sells individual solar products and complete solar power systems. It uses Field Service to manage the field service team 
that installs and repairs solar systems. Let’s meet a few members of the team working to improve the field service journey for its customers. CEO and cofounder 
Sita Nagappan-Alvarez. She makes key decisions about software purchases. She’s always on the lookout for ways to improve customer service while keeping 
her employees happy. Salesforce admin Maria Jimenez. She’s the go-to person for setting up and maintaining Salesforce and Field Service. If you have a 
question about Salesforce, Maria has the answer. Customer support agent Ada Balewa. She takes customer calls and solves their problems. Sometimes she 
refers customers to technicians, and sometimes she solves their problems herself. Field Service technician James Clifton. He fixes customers’ solar products. 
James works with all Ursa Major Solar’s products, and he’s happy to bring sunshine to its customers. Make Service Easier and Safer for Customers Sita keeps 
Ursa Major Solar at the forefront of the industry by making sure she knows what her customers want and what they don’t. These days, customers don’t want to 
have service technicians in their homes as often. While they’re happy with the service provided by technicians like Ada and James, they’d like to have Ursa Major 
help them perform simple jobs themselves. Having agents or technicians investigate problems in customers’ homes without going inside seems like an 
unsolvable problem. Then Sita discovers Visual Remote Assistant. Visual Remote Assistant lets a contact center agent or remote technician see what the 
customer sees via video session. Now Ursa Major can provide the same exceptional service without being in the customer’s house using real-time visual 
support. A quick wave of a customer’s mobile device shows the agent or technician which product is installed, the settings it’s currently using, and more. Visual 
Remote Assistant ties into Ursa Major’s existing Field Service product, so remote technicians can easily see customer information. Details like product type, 
installation date, and previous visits to the customer’s home are easy to access. Technicians don’t waste time asking questions they’ve asked before and save 
time for the customer and Ursa Major. Even better, customer problems are often resolved in the first call, without the customer having to schedule a service call 
and wait for a technician. What they see varies depending on how it’s set up in their org, but here’s what an Ursa Major agent or technician sees during a call. 
Graphic showing the incoming phone call, customer information, and the pane to launch Visual Remote Assistant. Call (1)—What the customer sees during the 
Visual Remote Assistant session. Customer information (2)—The agent or technician’s page shows customer contact information, the installed assets, past work 
orders for this customer, and more. Visual Remote Assistant pane (3)—Where an agent or technician starts Visual Remote Assistant, allowing them to see what 
the customer sees and guide them to resolve their issue. Visual Remote Assistant in Action Let’s say that Ada Balewa is on the phone with a customer named 
Violet Winkle. Violet is having trouble with a leaky solar hot water heater. Ursa Major has been called out before about this leaky hot water heater, so Ada quickly 
reads the notes in the work order on that visit. Ada suspects a loose pipe fitting, but she has to see the hot water heater to be sure. She suggests that they 
transition to a video call so she can see what’s going on with Violet’s hot water heater. Violet agrees and Ada uses Visual Remote Assistant to send a text to 
Violet. Violet taps the link and it sends her to a web page in her mobile browser. She approves the terms and conditions and allows Visual Remote Assistant to 
access her phone’s camera for the duration of the call. Now Ada can see everything that Violet sees. Ada asks Violet to point her phone at the leak and follow it 
back. She quickly spots the problem. It’s a leaking pipe fitting, just like she thought. When she tries to explain its location, Violet doesn’t understand, so Ada 
draws a big red arrow on her screen. Because Visual Remote Assistant uses augmented reality, the arrow shows up on Violet’s phone screen too. Now they can 
both see where the problem is. Ada tells Violet to turn the fitting to the right to tighten it. After Violet does, she wipes off the pipe with a towel and checks that it’s 
no longer leaking. Problem solved! Violet takes a picture of the fixed pipe and it’s added to her user record so the next time she calls, Ursa Major will have that 
history. Visual Remote Assistant allows Ursa Major to resolve issues the first time around. If more help is needed, agents or technicians can add a subject matter 
expert to the session. If they can’t solve the problem right away, the agent or technician can figure out the next steps. Next steps include things like ordering 
parts, walking the customer through installing the new parts, or scheduling an onsite service call. Let’s watch a company resolving a customer problem using 
Visual Remote Assistant. Sita understands the value that Visual Remote Assistant can bring to Ursa Major Solar. She’s happy to see that it allows Ursa Major a 
way to deliver exceptional service from anywhere. Then the team can give the customer real-time visual feedback to diagnose and even fix problems without 
going onsite. She’s excited to use Visual Remote Assistant at Ursa Major. Resources Blog post: Deliver Service Anytime, Anywhere With Visual Remote 
Assistance Salesforce Help: Set Up Visual Remote Assistant Product page: Empower customers and employees with real-time, visual support Quiz Complete! 
+25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/visual-remote-assistant/aaf5ae039f3fddb40c533341c8497498 _badge.png 
Visual Remote Assistant 100% Progress: 100% View more modules Skip to main content Visual Remote Assistant Set Up Visual Remote Assistant Time 
Estimate About 15 mins Topics Learning Objectives Are You Ready? Install the Managed Package Train Employees Resources Challenge +25 points Get help 
with this badge Provide feedback for this badge Set Up Visual Remote Assistant Learning Objectives After completing this unit, you’ll be able to: List the 
prerequisites for using Visual Remote Assistant. Install the Visual Remote Assistant managed package. Train agents and field service technicians to work with 
customers using Visual Remote Assistant. Are You Ready? Ursa Major’s admin, Maria, makes sure that she has everything set up to use Visual Remote 
Assistant. She runs through the list of prerequisites. Service Cloud or Field Service licenses. Ursa Major uses Field Service, so it’s already enabled, customized, 
and the permissions are set up. Lightning Experience. Ursa Major uses Lightning Experience, too, so that’s ready. Licenses for Visual Remote Assistant. Sita 
worked with her Salesforce Account Executive to purchase the necessary licenses. The correct permission sets. Maria has everything she needs. She’s ready to 
get started. Install the Managed Package Maria is ready to install the Visual Remote Assistant managed package. For a business org, you may want to install new 
packages in a sandbox org first to test them but here we install directly into your Trailhead playground. Note We assume you're a Visual Remote Assistant 
administrator with the proper permissions and licenses to install and use the managed package. If that's not the case, that’s OK. Read along to learn how your 
administrator would take the steps in a production org. Don't try to follow these steps in your Trailhead Playground. Visual Remote Assistant isn't available in the 
Trailhead Playground. Open an incognito browser window in Chrome. In the incognito window, paste this link http://sfdc.co/visualremoteassistant-install into the 
address bar. On the Salesforce login screen, enter the username and password for your org, then click Log In. Enter the verification code from your email. Select 
Install for Admins Only, select the acknowledgment, then click Install. Approve the request to grant access to third-party websites. Wait for a message telling you 
that you'll be notified by email when the package is installed, and click Done. Check your email for notification that the package installed. It can take a few 
minutes, but when the installation is complete, check out what you’ve installed. In the App Launcher, search for visual. App Launcher displaying selections for 
Visual Remote Assistant, Visual Remote Assistant - API Details, Account Details and more. Maria selects Visual Remote Assistant to see more. Train Employees 
Ada and James work together to develop a training program for agents and technicians. Ada is responsible for the agent perspective and James focuses on how 
technicians use Visual Remote Assistant. They create a list of common scenarios that can benefit from a visual connection to the customer. The list includes 
basic in-home repairs. Here’s part of Ursa Major’s list of tasks that customers can perform. It’s not a full list, but it gives you a sense of Ursa Major’s goals. 
Examine hot water heaters leaking inside the house for loose connections or defective parts. If solar panels on the ground are losing efficiency, visually inspect 
them for loose debris. Check to make sure that all connections are securely fastened. Use optical character recognition (OCR) to convert barcodes, QR codes, 
and more into text to look up panel warranty, item number, and more. Then they create a list of common scenarios where a visit must be scheduled. For example, 
some tasks are too dangerous for a customer to attempt. Instead, a knowledgeable technician must come onsite to fix the problem. Ursa Major never 
compromises on customer safety. Don’t attempt to fix problems with electrical components that could shock or injure the customer. Don’t have customers climb 
onto their roof or go to any area that’s dangerous to access. Don’t disassemble complex components that require a delicate touch or specialized expertise. 
Finally, they list the tasks that agents and technicians must perform to use Visual Remote Assistant. Decide if it’s a case for Visual Remote Assistant. Locate and 
start Visual Remote Assistant. Walk customers through connecting their mobile device. Take pictures to include in the record or forward to a subject matter 
expert. Use augmented reality to add information to a customer’s phone display, like arrows or circles. Know when to add a subject matter expert to the agent’s 
ongoing session. Know when to schedule a follow-up appointment. Now that Ada and James have the training information, they decide to create a Sales 
Enablement badge to train their team members. After a team member completes the badge, they shadow a trained team member for a day to see Visual Remote 
Assistant in action. After that, they’re ready to start helping customers in a whole new way. In this module, you learned the benefits of Visual Remote Assistant 
and how agents and technicians use it to work with customers. Then, an Ursa Major admin installed the Visual Remote Assistant managed package. Finally, Ursa 
Major trained team members to help customers solve their problems more quickly and easily than ever before. Resources Trailhead: Trailhead Playground 
Management Salesforce Help: Implement Visual Remote Assistant for Field Service Trailhead: Create New Learning Experiences with Sales Enablement Quiz 
Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/visual-remote- 
assistant/aaf5ae039f3fddb40c533341c8497498_badge.png Visual Remote Assistant 100% Progress: 100% View more modules Skip to main content Carbon 
Accounting for Assets with Net Zero Cloud Learn the Foundations of Carbon Accounting Time Estimate About 10 mins Topics Learning Objectives Before We 
Start Account for Your Actions How Net Zero Cloud Can Help Explore the Building Blocks of Carbon Accounting Resources Challenge +25 points Get help with 
this badge Provide feedback for this badge Learn the Foundations of Carbon Accounting Learning Objectives After completing this unit, you’ll be able to: Explain 
the basic Greenhouse Gas (GHG) accounting principles. Describe the different objects that work to create a carbon accounting framework. Before We Start If you 
completed the Net Zero Cloud Basics module, then you already know how Northern Trail Outfitters uses Net Zero Cloud to support and scope their climate 
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strategy. Not to mention Net Zero Cloud Admin Essentials module which outlined how an admin can set up and configure the application. If you haven’t 


completed these modules, we recommend taking them to have more context as you dive into carbon accounting. Account for Your Actions The world is ina 
climate crisis and the need to reduce carbon emissions has never been more urgent. Regulators, investors, and customers are urging companies to get to net 
zero faster. Companies are faced with the challenge of tracking the complete spectrum of their value chain emissions, which can be a complex and cumbersome 
process. In this module, we’ll look at how Net Zero Cloud can help you meet that challenge. Northern Trail Outfitters (NTO) is using Salesforce’s Net Zero Cloud 
to collect, analyze, and report energy usage data and track their carbon footprint. As a part of its net zero commitment, NTO plans to track its carbon footprint 
and set long-term goals to significantly reduce greenhouse gas emissions. How Net Zero Cloud Can Help Today, companies are generally expected to gather data 
on their emissions-producing activities, calculate, and report their contribution to atmospheric emissions, and reduce emissions across all three scopes. Check 
out this help topic to see examples of how emissions are qualified as scope 1, 2, and 3. Net Zero Cloud makes this entire carbon accounting process easy and 
streamlined for a company like NTO. Net Zero Cloud provides the tools to quantify and measure carbon emissions, and helps companies make informed 
decisions about which mitigation strategies will be most effective. In Net Zero Cloud, all emissions are converted to their carbon dioxide equivalents and are 
reported in metric tonnes of carbon dioxide equivalent (tCO2e). Wondering what tCOze means? tCOcze is a standardized unit for counting greenhouse gas (GHG) 
emissions, regardless of whether they're from carbon dioxide or another gas, such as methane, nitrous oxide, or one of the dozens of refrigerants used 
throughout the world today. Net Zero Cloud helps companies create an annual emissions inventory. A GHG inventory is the basis for efforts to reduce emissions 
and their associated environmental impacts. Once you know what your emissions are, it’s easier to tackle the process of reducing the impact of these emissions. 
An accurate GHG inventory also helps companies forecast emissions in future years. Calculating GHG emissions also enables companies like NTO to set 
science-based emissions reduction targets. An accurate GHG inventory is the required starting point for determining which targets should be set and for 
determining how to quantify these targets. Let’s follow along as Sam Rajan, the Chief Sustainability Officer at NTO, explores carbon accounting using Net Zero 
Cloud for all stationary and vehicle asset sources. Sam Rajan, the Chief Sustainability Officer at NTO. Explore the Building Blocks of Carbon Accounting There 
are four key building blocks in Net Zero Cloud that help users manage the carbon accounting process. Emissions Sources: Emissions sources represent the 
assets of an enterprise that generate carbon emissions. The three types of emissions sources in Net Zero Cloud are: Stationary Asset Environmental Sources: 
Assets that are stationary in nature, such as office buildings, data centers, or warehouses. Vehicle Asset Emissions Sources: Assets that are mobile in nature, 
such as company vehicles or private jets. Scope 3 Emissions Sources: Scope 3 activities that are the source of emissions, such as transportation, purchase of 
raw materials, hotel stays, and so on. This category of emissions results from the activities of the company that are from sources not owned or controlled by the 
company. Energy Use Records: Energy use records are created for a specific date or date range and are associated with an emissions source. Examples include 
monthly electricity consumption for a stationary asset or a single commercial flight record. Users can enter energy consumption information, such as the 
quantity of electricity, diesel, or natural gas consumed, over a specific period of time in various units of measure that are specific to the activity or fuel being 
consumed. Based on the emissions factors referenced by the energy use record, Net Zero Cloud does the work for you by converting the entered consumption 
into carbon emissions. Emissions Factors: Emissions factors are used to convert energy consumption into GHG emissions. Several emissions factors in the 
form of reference datasets from standard government or private sources are preconfigured in Net Zero Cloud. Examples include the eGRID dataset for electricity 
subgrid emissions in the United States and the EEIO datasets that estimate tCO2e per monetary output across most of the 8 upstream scope 3 categories. 
Emissions factors specific to a region, business sector, or country can also be added to Net Zero Cloud. Carbon Footprints: A carbon footprint is an estimate of 
the amount of CO2e released to the environment during the lifecycle of a product or an activity. Carbon footprints primarily exist to summarize values from 
multiple energy use records. There are three types of carbon footprints in Net Zero Cloud, corresponding to the three types of emissions sources. Stationary 
Asset Carbon Footprint: Contains overall emissions by scope, summarized from underlying energy uses for a stationary asset across all fuel types. Net Zero 
Cloud automatically creates Stationary Asset Carbon Footprint Item records to show summarized emissions information for a single fuel type. Vehicle Asset 
Carbon Footprint: Contains overall emissions by scope, summarized from underlying energy uses for a vehicular asset. Scope 3 Carbon Footprint: Contains 
overall emissions from underlying energy uses for a scope 3 activity. While you can associate a Scope 3 Emissions Source to the carbon footprint record, you 
can also associate a stationary source. For example, a warehouse can be the epicenter of scope 3 activities such as purchase of goods and services, 
transportation and distribution, and waste generation. You can associate the required energy use records and procurement summary records to determine from 
which activities you want to calculate emissions. Now that Sam understands the building blocks for carbon accounting, he maps out the connections between 
these objects. Emissions Source Type Energy Use Type Applicable Emissions Factors Carbon Footprint Type Stationary Asset Environmental Source Stationary 
Asset Energy Use Other Emissions Factor Electricity Emissions Factor Refrigerant Emissions Factor Stationary Asset Carbon Footprint Stationary Asset 
Carbon Footprint Item (for Electricity) Vehicle Asset Emissions Source Vehicle Asset Energy Use Other Emissions Factor Electricity Emissions Factor 
Refrigerant Emissions Factor Stationary Asset Carbon Footprint Stationary Asset Carbon Footprint Item (for Diesel) Vehicle Asset Emissions Source Vehicle 
Asset Energy Use Other Emissions Factor Vehicle Asset Carbon Footprint A flowchart depicting the relationship of all asset-related records in Net Zero Cloud. 
Note To understand the relationship between emissions sources, energy uses, and carbon footprints for scope 3 activities, check out Carbon Accounting for 
Scope 3 with Net Zero Cloud. In the next unit, we focus on stationary asset sources and stationary asset energy uses. Resources Trailhead: Strategies for Net 
Zero Now: Quick Look Trailhead: Net Zero Cloud Basics Salesforce Help: Greenhouse Gas Emissions Developer Guide: Net Zero Cloud Data Model Quiz 
Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/carbon-accounting-for-assets-with-net-zero- 
cloud/bfd4603e79491fc66fb5cbe9225bcf95_badge.png Carbon Accounting for Assets with Net Zero Cloud 100% Progress: 100% View more modules Skip to main 
content Carbon Accounting for Assets with Net Zero Cloud Track Emissions for Stationary Assets Time Estimate About 10 mins Topics Learning Objectives Take 
Stock of Your Buildings Energy Use for Stationary Assets Data for Key Fields A Few Calculations Explained Resources Challenge +25 points Get help with this 
badge Provide feedback for this badge Track Emissions for Stationary Assets Learning Objectives After completing this unit, you’ll be able to: List the key fields 
on a stationary asset environmental source record. Explain how to specify values for key fields on stationary asset energy use records. Show a simple 
calculation of emissions on a stationary asset energy use record. Take Stock of Your Buildings Stationary asset environmental sources are used to represent all 
buildings and data centers associated with a company. Let’s look at how Sam handles this for NTO. Since all of NTO’s stationary asset records come with a few 
key fields, Sam creates a record for the NTO Headquarters and reviews and populates the key fields. A stationary asset environmental source record showing 
details for NTO Headquarters Miami. Let’s take a deeper dive into these fields and what they represent. Field Description Impact on Calculations Carbon 
Emissions Scope Allocation The object that specifies the GHG Protocol scope of emissions for different fuels. Each fuel type has its own scope allocation record 
in the Carbon Emissions Scope Allocation Values object. This field helps the user specify the scope to which the emissions from each fuel is allocated. 
Refrigerant Emissions Factor The object that holds the global warming potential (GWP) for cooling refrigerants, such as CFCs, HFCs, and HCFCs used in 
stationary asset sources. You can create one record per refrigerant type. To properly calculate tCO:e from refrigerant leakage, the refrigerant’s GWP is multiplied 
by the quantity of refrigerant leakage. Electricity Emissions Factor Set The object that holds a range of information that's relevant to calculating the scope 2 
emissions generated from electricity. The GHG Protocol provides two methods for tracking scope 2 emissions: the market-based method and the location-based 
method. There are fields specific to both of these methods in the electricity emissions factor set. Yearly datasets from sources such as Emissions & Generation 
Resource Integrated Database (eGRID) website can be uploaded to accurately calculate electricity-based emissions in a specific postal code. Other Emissions 
Factor Set The object that holds predefined emissions and conversion factors for emissions resulting from use of natural gas, propane, and on-site diesel use. 
While in the other emissions factor record, you can define the global warming potential values for CH. and N.O, in the associated other emissions factor set item 
records, you can specify values for different fuel types, such as gasoline, LPG, or biodiesel. All individual emissions and conversion factors for sources that are 
not included in the electricity grid or scope 3 data types are captured as part of the Other Emissions Factors. Regional Building Energy Intensity Lookup to a 
building energy intensity record from the Commercial Buildings Energy Consumption Survey (CBECS) data. The CBECS is a national sample survey that 
collects energy usage information on commercial buildings across the USA. The energy usage data serves as a reliable and publicly available standard, and is 
preloaded in Net Zero Cloud. The value is automatically populated when the country is the United States, the postal code is valid, and the total floor area is 
populated in the record. NTO can use the CBECS building energy intensity data to plug energy use gaps in the data of commercial buildings (more on this later). 
Energy Use for Stationary Assets Buildings and warehouses at NTO use electricity, diesel for backup generators, and refrigerants for cooling. Each of these 
require separate energy use records associated with the same stationary asset source. Within energy use records, Net Zero Cloud automatically calculates many 
of the fields based on energy use data and emissions factors. Three energy use records associated with a stationary asset environmental source record. Data for 
Key Fields Sam works to create the energy use records to allow for emissions calculations. He looks at the information within an energy use record, one section 
at a time. General Information On a stationary asset’s energy use record, information like the total and occupied floor area and whether the asset is company- 
owned helps with calculations. Sam can also specify the stationary asset for which energy consumption is being recorded, the start and end dates of the energy 
consumption, and the corresponding stationary asset carbon footprint record. General information, such as building details, reporting period, and references to 
the associated asset and carbon footprint on a stationary asset energy use record. Consumption Depending on the type of fuel for which an energy use record is 
created, this section helps Sam define the following. Fuel type: There are multiple fuel types for which you can enter energy consumption, including Electricity, 
Diesel, Natural Gas, and Propane. Fuel consumption unit: Multiple units of measure are supported natively in Net Zero Cloud corresponding to the different fuel 
types that are supported. Fuel consumption information on a stationary asset energy use record. Emissions Factors If the emissions factors are specified on the 
stationary asset environmental source, they are automatically inherited by the associated energy use records. Thanks to the flexibility of Net Zero Cloud, Sam 
can also override the values on each energy use record if he needs to. Associated emissions factors for electricity, fuel, and refrigerants on a stationary asset 
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used in the calculated total emissions. Supplemental emissions information on a stationary asset energy use record. Grid Mix The grid mix values on the energy 
use record are calculated based on the grid mix percentages specified in the associated electricity emissions factor set record. If he needs to, Sam can override 
the values for location-based and market-based grid mix on an electricity emissions factor set record based on the information he gets from the suppliers for 
NTO’s buildings in a specific postal code. The market-based grid mix depends on the electricity that organizations have chosen to purchase from specific 
suppliers and takes supplier-specific emissions rates into consideration. The location-based grid mix depends on the emissions intensity of the local grid area 
where the electricity usage occurs. Location-based and market-based grid mix information on a stationary asset energy use record. Renewable Energy 
Renewable energy displays the quantity of electricity that’s generated from renewable sources. Sam can specifically allocate electricity generated from 
renewable sources in the Renewable Energy Type and Allocated Renewable Energy fields. The basis for the renewable energy calculations is the allocated 
renewable energy value entered on the energy use record and the market-based grid mix percentage on the electricity emissions factors record. Renewable 
energy information on a stationary asset energy use record. Emissions This section displays the autocalculated emissions in tCO.e by scope corresponding to 
the entered energy consumption in the stationary asset energy use record. Autocalculated greenhouse gas emissions values on a stationary asset energy use 
record. A Few Calculations Explained Now that Sam has explored the key information on an energy use record for a stationary asset, he tries to understand how 
the emissions are calculated. Sam creates the following energy use records for the NTO Office Headquarters Miami stationary asset environmental source 
record. Stationary Asset Environmental Source Stationary Asset Energy Use Fuel Type Fuel Consumption Details NTO Headquarters Miami Monthly Electricity 
Bill Jan Electricity 1000 kWh NTO Headquarters Miami Monthly Fuel Bill Jan Diesel 1000 Liters NTO Headquarters Miami Q1 Refrigerant Bill Refrigerant 10 kg 
Calculation of Electricity Related Emissions The United States - US-TX - electricityMap 2019 emissions factor record specifies the following. COze Emissions 
Rate for Location Based Emissions Factors = 396.78 g/kWh Location-Based Coal-Mix Percentage: 20% Location-Based Gas-Mix Percentage: 47% Location-Based 
Nuclear-Mix Percentage: 11% Emissions factor details on an electricity emissions factor set record. Let’s see how the energy values are calculated on the 
stationary asset energy use record Monthly Electricity Bill Jan. Scope 2 Location-Based Emissions (tCO:e) = Electricity consumption (in kWh) * Emissions factor 
(g/kWh) / 106 (tCOze conversion factor) = 1000*396.78/1000000 = 0.3968 tCO.e Furthermore, here’s how the information is calculated for the Location-Based Grid 
Mix. Location-Based Electricity from Coal (kWh): 20% of 1000 kWh = 200 kWh Location-Based Electricity from Gas (kWh): 47% of 1000 kWh = 470 kWh Location- 
Based Electricity from Nuclear (kWh): 11% of 1000 kWh = 110 kWh Greenhouse gas emissions results and grid mix data on a stationary asset energy use record 
for electricity. A similar approach is followed to calculate market-based electricity emissions by referring to the market-based grid mix percentages. Calculation 
of Diesel Related Emissions The Fuel Conversion Factors - DEFRA EPA 2018 factor set record specifies the Global Warming Potential (GWP) values. GWP of CH:: 
28 GWP of N.O: 265 The OEFSI-0000006 factor set item record specifies the following. Fuel Type Calorific Value Supplied tCO.e Emissions Factor CH. Emissions 
Factor CO. Emissions Factor N.O Emissions Factor Diesel 15 kWh/L 12.45 tonnes/mWh 3.00 73.96 0.06 The consumption of diesel (1000 Liters) is first converted 
to its kWh equivalent using its calorific value, which is 15 kWh/L. Total Fuel Consumption = 15000 kWh (1000*15) Next, this value is multiplied by the Supplied 
tCO.e emissions factor and divided by the conversion factor. Scope 1 Emissions (tCO.e) = Supplied tCOze Emissions Factor * Total Fuel Consumption/1000 = 
(12.45*15000/1000) = 186.75 The autocalculated Scope 1 Emissions (tCO2e) value for Diesel on a stationary asset energy use record. Calculation of Refrigerant 
Related Emissions Lastly, let’s check out how emissions are calculated when the fuel type is Refrigerant. The Sulphur hexafluoride (SF6) - IPCC AR4 2007 
refrigerant emissions factor record specifies the Global Warming Potential as 22,800. Here’s how the emissions calculation shapes up. Scope 1 Emissions 
(tCOze) = GWP * Fuel Consumption(kg)/1000 = 22,800*10/1000 = 228 Greenhouse gas emission results on a stationary asset energy use record for Refrigerant. In 
the next unit, Sam creates a carbon footprint for this stationary asset and learns more about the calculations. Let’s follow along with him. Resources Salesforce 
Help: Create a Stationary Asset Environmental Source Record Salesforce Help: Map Stationary Asset Environmental Source Record Types Salesforce Help: 
Create an Electricity Emissions Factor Set Record Salesforce Help: Create an Other Emissions Factor Set Record Salesforce Help: Create a Stationary Asset 
Energy Use Record Developer Guide: Stationary Asset Energy Use Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/carbon-accounting-for-assets-with-net-zero- 
cloud/bfd4603e79491fc66fb5cbe9225bcf95_badge.png Carbon Accounting for Assets with Net Zero Cloud 100% Progress: 100% View more modules Skip to main 
content Carbon Accounting for Assets with Net Zero Cloud Manage Carbon Footprint Records for Stationary Assets Time Estimate About 10 mins Topics 
Learning Objectives Introduction to Carbon Footprints Stationary Asset Carbon Footprints Footprint Items What’s the Scope? Data Centers as Asset Sources 
Resources Challenge +25 points Get help with this badge Provide feedback for this badge Manage Carbon Footprint Records for Stationary Assets Learning 
Objectives After completing this unit, you’ll be able to: List the key fields on stationary asset carbon footprint records. Explain how scope allocation is 
determined for various fuel sources. Describe how emissions are calculated for a data center. Introduction to Carbon Footprints Sam is making great progress! 
He defined emissions sources and energy uses for stationary assets and looked at how emissions are calculated in the Net Zero Cloud app. Now he concentrates 
on rolling up the emissions data to a carbon footprint record. Sam can attach multiple stationary asset energy use records to a stationary asset carbon footprint 
record to get a single calculated carbon footprint for an asset. While a stationary asset carbon footprint shows the tCO:e emissions for an asset, its child records, 
Stationary Asset Carbon Footprint Items, show the tCO:e emissions for individual fuel types. So, if Sam creates a carbon footprint record to calculate the total 
tCO.e emissions for the NTO Headquarters for 2021, he can also have carbon footprint items that show emissions separately from, say, electricity, natural gas, 
and diesel. Note that while Sam can manually create carbon footprint records and associate them with energy use records, the application can also do this for 
him. If a carbon footprint record exists for a given period, all new energy use records falling within that period get automatically associated with this carbon 
footprint record. If Sam creates a new energy use record and it covers a time period for which a carbon footprint record does not yet exist, Net Zero Cloud 
automatically creates a new carbon footprint and associates the energy record with it. This saves Sam a lot of time. Note Only the energy use records that Sam 
has created, or to which he has at least View All access, are automatically rolled up into the carbon footprint record that he creates. Sam can work with the 
Salesforce admin to get View All or Modify All permission for the required records. When Sam attaches energy use records to a carbon footprint record, the 
scope 1, 2, and 3 calculations of the energy use records automatically sum to a total value shown in the carbon footprint record. Just like for individual energy 
use records, Sam can also manually specify supplemental emissions by scope on all carbon footprint record types. Stationary Asset Carbon Footprints The 
following key data points are available on a stationary asset carbon footprint record. General Information Sam can specify the Stationary Asset Environment 
Source to which this footprint is associated, the reporting period of the carbon footprint, the stage of the footprint in the overall lifecycle, the previous year’s 
annual carbon footprint record, and the audit approval status. Sam can also select the allocation status for renewable energy used in the asset source. Building 
Details Sam can specify the building energy intensity lookup and the regional building energy intensity lookup that can be used to resolve gaps in the energy 
consumption data for a commercial building stationary asset (more on this in the next unit). If the Stationary Asset Environmental Source record for this footprint 
is already associated with a Regional Building Energy Intensity record, then the same Regional Building Energy Intensity record is automatically populated in the 
Carbon Footprint record. However, Sam needs to identify the Building Energy Intensity record that is most applicable to the building’s carbon footprint and select 
that record. Building Details section on a Stationary Asset Carbon Footprint record. Greenhouse Gas Emissions Sam can see the autocalculated values for Total 
Scope 1, Total Scope 2 Market-Based, Total Scope 2 Location-Based, Total Scope 3 Upstream, and Total Scope 3 Downstream Emissions (tCO:e) for the 
associated source. The values are derived by summing up values from the underlying energy use records. Greenhouse gas emissions results on a stationary 
asset Carbon footprint record. Total Energy Use Summaries Total Energy Consumption for the stationary asset source is calculated in kilowatt-hours, megawatt- 
hours, and gigajoules. Sam can also see the Total Building Indirect Energy Consumption (MWh), which is the consumption of energy specifically from electricity, 
heat, cooling, and steam, and excludes emissions from other fuels. Total energy use summaries on a stationary asset carbon footprint record. Renewable Energy 
Details Based on the allocation status of the carbon footprint, Sam can see the Total Renewable Energy generated, both in absolute kWh and as a percentage of 
the overall electricity consumed. Also, he can see allocated renewable energy expressed in kWh, which is the renewable energy explicitly defined in energy use 
records. Sam can refer to these values to check the proportion of renewable or “cleaner” sources of energy used for each asset. This positions him better to 
meet his goal of increasing the allocated renewable energy percentage. Renewable energy details on a stationary asset carbon footprint record. Grid Mix 
Information Sam can see the rolled up values from all electricity energy use records for both location-based and market-based grid mix data for the asset source. 
And just like for energy use records, the data is categorized by fuel sources, such as biomass, coal, solar, wind, and oil. This makes it easy for Sam to see the big 
picture but also hone in on the fuel source components and how they each play a role. Location-based and market-based grid mix data on a stationary asset 
carbon footprint record. Energy Use Intensity Comparisons Sam can see the total regional electricity consumption intensity and the percentage difference 
between the regional intensity and the intensity of the associated carbon footprint item for electricity consumption. Sam can use this information to understand 
how far off a particular stationary asset is from the average electricity consumption in that region. If the variance is too high, maybe it’s time to make the building 
more energy-efficient. Energy use intensity comparisons on a stationary asset carbon footprint record. Data Quality Metrics Sam can view the average monthly 
electricity consumption and the energy consumption intensities for the current and previous years, calculated both in square meters and square feet. Another 
handy value is to check the maximum variance above and below the average expressed as a percentage. This is super useful for Sam to understand the role 
seasonality plays and to identify any data abnormalities. Data quality metrics on a stationary asset carbon footprint record. Footprint Items The Stationary Asset 
Carbon Footprint Items for a Carbon Footprint contain data for an individual fuel type. Let’s take the example from the previous unit to see a snapshot of how data 
rolls up in Net Zero Cloud. Three carbon footprint items, each for a different fuel type, associated with a parent carbon footprint for a stationary asset. Here’s a 
way to see how carbon footprint items roll up data based on fuel type, and how carbon footprints roll up data based on consolidated energy consumption across 
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all fuel types. Stationary Asset Environmental Source Stationary Asset Energy Use Fuel Type Stationary Asset Carbon Footprint Item Stationary Asset Carbon 
Footnrint NTO Office Headauarters Miami Record A Electricity CFI for Electricity CF for Miami Headauarters NTO Office Headauarters Miami Record B Diese! CFI 
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for Diesel CF for Miami Headquarters NTO Office Headquarters Miami Record C Refrigerant CFI for Refrigerant CF for Miami Headquarters The following key 
information can be found on a stationary asset carbon footprint item record. Total Emissions (tCO:e) from the fuel type. Total Energy Consumption of the Fuel 
Type, expressed in kWh equivalent, even if the underlying fuel is not electricity. Energy Consumption Intensity of the Fuel Type for the current and previous years. 
Intensity metrics on a stationary asset carbon footprint item record, where fuel type is electricity. What’s the Scope? For each energy consumption record 
entered, there is a default scope against which the emissions are recorded based on the fuel type and asset ownership. The asset ownership is determined by the 
Company-Owned Asset checkbox on an asset’s record. The associated energy use records inherit this status from the asset, but it can also be overridden. To 
understand the default scope allocation performed by Net Zero Cloud for various fuel types and for assets owned and leased by the reporting company, check out 
Stationary Asset Energy Use. There are typical allocations based on the Greenhouse Gas Protocol guidance, but exceptions occur frequently in the world of 
carbon accounting. There can be instances where Sam needs to change the default scope allocation for a specific asset source. For example, NTO might own the 
building, and therefore consider most fuels to be scope 1, while leasing equipment and considering emissions from that equipment to be scope 3. These 
determinations are often made with the help of experienced consultants. The default scope allocations in Net Zero Cloud can be overridden through the Scope 
Allocation capability, where Sam can assign the scope into which a particular fuel type’s emissions must be aggregated. To do this, he creates a new carbon 
emissions scope allocation record, manually sets each individual fuel’s allocation to a scope in the child records, and then assigns the new carbon emissions 
scope allocation record to his asset. By using Scope Allocation, Net Zero Cloud users have ultimate flexibility in how they account for their GHG emissions. Two 
carbon emissions scope allocation value records associated with a carbon emissions scope allocation record showing scope definitions for electricity and 
diesel. Data Centers as Asset Sources NTO, being a retail company, doesn’t operate any data centers. But there are companies who do, and they must define 
their data centers as stationary asset environmental sources. The reason that data centers are considered a special case in Net Zero Cloud is because of the way 
total electricity usage in the facility is estimated from known electricity consumption of the IT equipment. A Salesforce admin can configure the record type for 
the asset and information can be captured for data centers, similar to commercial buildings. While most calculations are similar for emissions, there are two 
major differences. If the fuel type on a stationary asset energy use record is Electricity for a data center asset source, the user must specify a value for the field 
Power Usage Effectiveness. Generally a value between 1 and 2, this is the ratio of the total amount of energy used by a data center to the energy delivered to just 
the computing equipment. The calculated emissions are scaled up by this value to calculate tCO:e for electricity. For other fuel types, there are no changes to 
calculated emissions. The Power Usage Effectiveness field on a stationary asset energy use record for a data center. Therefore, for data center assets, Total Fuel 
Consumption (kWh) = Fuel Consumption (kWh) * Power Usage Effectiveness In the other emissions factor set, there’s a provision to show the Data Center 
Refrigerant Leakage Rate value expressed in kg/IT kWh, which specifies the leakage rate of the refrigerant used for cooling the data center's computing 
equipment. The Data Center Refrigerant Leakage Rate field on another emissions factor set record. On a stationary asset carbon footprint record, the following 
values are autocalculated when the associated asset is a Data Center. Average Data Center Power Usage Effectiveness Data Center IT Diesel Consumption 
Intensity Previous Year Data Center Power Usage Effectiveness The autocalculated fields on a stationary asset carbon footprint record for a data center. Sam has 
explored carbon accounting for stationary assets and learned about the calculations. In the next unit, let’s follow along as Sam uses Net Zero Cloud to fill gaps in 
the carbon footprint data. Resources Salesforce Help: Calculate Stationary Asset Carbon Footprints Salesforce Help: Calculate Stationary Asset Carbon 
Footprint Items Salesforce Help: Create an Electricity Emissions Factor Set Record Salesforce Help: Create an Other Emissions Factor Set Record Developer 
Guide: Stationary Asset Carbon Footprint Item Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/carbon- 
accounting-for-assets-with-net-zero-cloud/bfd4603e79491 fc66fb5cbe9225bcf95_badge.png Carbon Accounting for Assets with Net Zero Cloud 100% Progress: 
100% View more modules Skip to main content Carbon Accounting for Assets with Net Zero Cloud Benchmark Building Energy Intensity and Fill Gaps in the 
Carbon Footprint Data Time Estimate About 20 mins Topics Learning Objectives No Data, No Worries! Benchmark Your Building Energy Usage Create a Building 
Energy Intensity Record Using BEI Builder Using CBECS vs BEI Fill Data Gaps in Carbon Accounting with Net Zero Cloud Resources Challenge +50 points Get 
help with this badge Provide feedback for this badge Benchmark Building Energy Intensity and Fill Gaps in the Carbon Footprint Data Learning Objectives After 
completing this unit, you’ll be able to: List the possible data gaps in a carbon footprint record. Explain building benchmarks. List the steps to fill gaps in a carbon 
footprint record. No Data, No Worries! NTO has many buildings across the globe. The company uses several energy sources to heat and cool the buildings, and 
power gadgets and devices. As we saw in the earlier unit, Net Zero Cloud uses energy use records to calculate the carbon footprint. Sam uses the monthly utility 
bills to obtain the energy consumption data for these assets, which he then feeds into Net Zero Cloud as energy use records. But there’s a problem. Electricity 
bills for a couple of months for a few of NTO’s buildings aren’t available. And there’s no way for Sam to know the total energy usage for these months. Any gaps 
in the energy use data can cause inaccurate carbon footprint accounting, which can lead to incorrect annual emissions inventories. We can’t stress enough the 
need for reliable and auditable carbon inventories for accurate sustainability impact reporting. Here’s a list of situations that can cause gaps in the energy use 
data. Missing energy consumption data: The monthly energy consumption bills are missing or the data is unavailable for some reason. Orphan energy use 
records: Energy use records that share the reporting year and organization asset with a carbon footprint (CF) record but aren’t linked to the CF record yet. Date 
issues: Two or more energy use records cover the same reporting period but have issues with dates. For example, missing start or end dates, start or end dates 
being out of range over the same reporting period, or overlapping start and end dates. So what should Sam do? Fortunately, Net Zero Cloud provides a quick and 
easy way to intelligently identify gaps in the carbon footprint data and fill them. Sam can use industry benchmarks or create custom benchmarks. Note Data gap 
filling is available only for stationary assets with the Commercial Building record type. As part of the initial configuration for stationary assets, the Salesforce 
admin creates the Commercial Building record type. (To learn more about the admin setup, see the Net Zero Cloud Admin Essentials Trailhead module.) 
Benchmark Your Building Energy Usage Net Zero Cloud supports the use of the following benchmarking approaches to fill in the missing energy use data. Use 
Industry Benchmark The Commercial Buildings Energy Consumption Survey (CBECS) is a national sample survey that researches and collects energy-related 
building characteristics and energy usage data of U.S. commercial buildings. The U.S. Energy Information Administration (EIA) publishes CBECS results. For 
reference data, the Salesforce admin loads the CBECS industry benchmark data into Regional Building Energy Intensity data records. Create and Use Your Own 
Benchmark Sam can use BEI Builder in Net Zero Cloud to compute a benchmark and develop insights into the average energy usage across all NTO buildings. 
Sam can then use the benchmark for filling in the gaps for buildings with missing energy use data. These numbers are stored in Building Energy Intensity (BEI) 
data records. BEI is measured in kWh/sqft or kWh/m? per year. Create a Building Energy Intensity Record Using BEI Builder BEI Builder guides Sam through the 
process of creating BEI records for NTO’s commercial buildings. It calculates the benchmark by averaging energy consumption values from existing energy use 
records. Note Only energy use records that Sam has created, or to which he has at least View All access, are automatically pulled into the BEI record that Sam 
creates. Sam can work with the Salesforce admin to get View All or Modify All permission for all the required records. Energy use records that meet certain filter 
criteria are considered for BEI calculation. Let’s go over these criteria. Averaging Window Start Date and Averaging Window End Date Energy use records must 
belong to the period defined by these dates. Building Size Category Energy use records must be for assets whose total floor area falls in the range defined by the 
building size category record. For more information, see Create a Building Size Category record. Note BEI Builder uses the occupied floor area of buildings to 
calculate the BEI to ensure that usage is estimated for the occupied space in which the energy was consumed. The floor area values are retrieved from the 
corresponding stationary asset environmental source record for the asset. Building Asset Type The buildings must be of the asset type defined by Building Asset 
Type. Asset types can be Office, Restaurant, or Hotel. Note Ensure that the record type for the asset is mapped with the stationary asset type - Commercial 
Building. GeographicalArea The buildings must be from the business region or country defined by Geographical Area. Energy consumption of buildings can vary 
depending on the climate and other external factors that are specific to a geographical area. Hence, geographical area information plays a key role in creating a 
distinct benchmark that’s used for data gap filling. If Sam wants to include energy use records that are created during the data gap filling process, he can select 
the System Generated Energy Use Records Included checkbox. On clicking Create, the Calculate Building Energy Intensity data processing job runs in the 
backend to calculate BEI and create a record. The Salesforce admin has already activated this data processing engine job template. For more information about 
BEI calculations, see Building Energy Intensity Calculations. Using CBECS vs BEI Whether you use the industry benchmark (CBECS) data or your own 
benchmark for filling data gaps depends on your organization’s requirements and preferences. For example, organizations can choose CBECS for buildings in 
the USA as it’s reliable and has been validated by government agencies. If CBECS data isn’t available for a certain fuel type or region, or the organization wants 
to use its own benchmark, you’d go with BEI. Let’s follow along as Sam uses Net Zero Cloud to identify and fill data gaps in one of the CF records. Fill Data Gaps 
in Carbon Accounting with Net Zero Cloud To get started, Sam selects Fill Data Gaps from the action menu of a carbon footprint record, which launches a wizard. 
Data gap filling in Net Zero Cloud is a three-step process. Step 1. Associate the orphan energy use records with the carbon footprint record. The first page lists 
energy use records that match the reporting year and organization asset of the CF record but aren’t yet associated with this or any other CF record. Sam reviews 
the list, selects the ones that must be associated with the CF record, and clicks Save. The selected records get associated with the CF record and are removed 
from the list. Note Only the energy use records that Sam has created, or to which he has at least View All access, are displayed in the list. Sam clicks Next to 
move to the next step. Step 2. Fix energy use report dates. The next page lists energy use records that are associated with the CF record but have issues with 
dates. By default, the list shows all such records but Sam can choose to view records with specific issues only. For example, to view records with missing dates, 
Sam keeps only the Missing dates checkbox selected and clicks Search to refresh the list. Sam fixes the dates and clicks Save, and then clicks Next to move to 
the final step. Step 3. For fuel types with missing energy use data, create and associate energy use records. Steps 1 and 2 helped Sam identify and associate 
unassociated energy use records with the CF record, and correct date issues in associated energy use records. The final step is to fill the data gaps. Sam must 
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select the fuel type for which he wants to fill the data gaps, and the fill method. He selects Cooling for the fuel type and Regional Building Energy Intensity for the 
fill method. The page shows record entries for the period with missing data and suggested values in the Fill Data (kWh) column. In the case of Regional Building 
Energy Intensity fill method, Net Zero Cloud uses the intensity value from the preloaded CBECS data. This fill method is available only if a Regional BEI record is 
associated with the CF record (Regional Building Energy Intensity field). Record entries on the page provide details of the energy use records that will be 
automatically created. Sam selects the desired entries per fuel type and saves the changes before clicking Finish. The corresponding energy use records are 
created. Sam notices that the System Generated Record checkbox in the Data Gap Filling Audit Information section of each of these records is selected. 
Likewise, Sam reviews, identifies, and fixes data gaps and inconsistencies in other CF records. Let’s see how Net Zero Cloud calculates the suggested values 
when we select other fill methods. Building Energy Intensity: Net Zero Cloud uses the intensity value that Sam created using BEI Builder. This method is 
available only if a BEI record is associated with the CF record (Building Energy Intensity field). Previous Year Daily Average: Net Zero Cloud computes and uses 
the average daily energy consumption data from the previous year. This method is available only if the previous year’s CF record is associated with the Previous 
Year Annual Carbon Footprint field in the CF record, and if at least one energy use record for the selected fuel type exists. Current Year Daily Average: Net Zero 
Cloud computes and uses the average daily energy consumption data from the current year. This method is available only if at least one energy use record for 
the selected fuel type exists. Manual: Sam must enter the energy use data for filling the gap manually. Sam is now ready to see how carbon accounting works for 
vehicle assets. Let’s find out in the next unit. Resources Salesforce Help: Calculate Stationary Asset Carbon Footprints Salesforce Help: Calculate Stationary 
Asset Carbon Footprint Items Salesforce Help: Calculate Building Energy Intensities Salesforce Help: Create a Building Size Category Record Trailhead: Net Zero 
Cloud Admin Essentials External: Commercial Buildings Energy Consumption Survey (CBECS) Trailhead: Net Zero Cloud Analytics Setup Quiz Complete! +50 
points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/carbon-accounting-for-assets-with-net-zero- 
cloud/bfd4603e79491fc66fb5cbe9225bcf95_badge.png Carbon Accounting for Assets with Net Zero Cloud 100% Progress: 100% View more modules Skip to main 
content Carbon Accounting for Assets with Net Zero Cloud Track Carbon Emissions for Vehicle Asset Sources Time Estimate About 5 mins Topics Learning 
Objectives NTO’s Vehicle Assets Energy Use Records for Vehicle Assets Vehicle Asset Carbon Footprint Calculations for Vehicle Emissions What’s Next? 
Resources Challenge +25 points Get help with this badge Provide feedback for this badge Track Carbon Emissions for Vehicle Asset Sources Learning 
Objectives After completing this unit, you’ll be able to: List the key fields on vehicle asset records. List the key fields on vehicle asset energy use records. 
Explain how to calculate emissions from vehicle assets. NTO’s Vehicle Assets NTO has two key vehicle emissions sources to account for: the private jets that 
NTO operates and the shuttle cars that are used for employee commuting. Sam creates a company-owned asset for a private jet used by the CEO of the 
company, and a record for the company shuttle in the Miami region, which they lease from a local car rental company for employee commutes. While most fields 
remain similar for the vehicle emissions sources, Sam takes a look at the key fields that impact emissions calculations. Vehicle type: Based on the record types 
configured by the admin, you can select the type of vehicle for which you want to calculate emissions. NTO can select between Fleet Vehicles and Private Jets. 
Other emissions factors: Lookup to the object that holds reference data for emissions from various fuel sources. Other emissions factor item records associated 
with the parent other emissions factor set record contains emissions factors for different fuel types, such as jet fuel, gasoline, diesel, or CNG. Apart from these 
key fields, Sam can also add additional information, such as the scope allocation, lease ID, lease expiration date, vehicle ID, and business region on a vehicle 
asset emissions source record. A Vehicle Asset Emissions Source record showing details of NTO Miami Company Shuttle. Energy Use Records for Vehicle 
Assets Let’s turn our attention to energy use. Now that he’s recorded his vehicle assets, Sam can specify supplier-provided fuel consumption data. Here are the 
details that Sam can specify on the energy use record. Fuel consumption details: Depending on the type of asset, fuel type can either be jet fuel for private jets, or 
any other fuel for fleet vehicles, such as biodiesel, compressed natural gas (CNG), diesel, or gasoline. Sam can also specify fuel consumption values in liters or 
gallons from gas station bills and fuel refill receipts. Distance: This is the distance traveled by a company car or the private jet for the reporting period. Distance 
can be specified in kilometers or miles. Aircraft details: Sam can specify the type of aircraft, which impacts the fuel efficiency and consumption patterns. From 
the flight receipts, Sam can also specify the flight duration and flight date. The following attributes are auto calculated based on the values provided and the data 
that is in an emissions factor record linked to. Fuel Efficiency CH., CO2, and N-O Emissions (kg) Scope-Based Emissions (tCO:ze) Total Fuel Consumption in US 
Gallons and Liters Aircraft Fuel Economy (Gallons per Hour) User-specified and autocalculated fields on a vehicle asset energy use record. Vehicle Asset Carbon 
Footprint Now it’s time for Sam to create a carbon footprint record for each vehicle asset that he’d specified earlier to calculate the total carbon emissions from a 
vehicle represented in metric tonnes of carbon dioxide equivalent (tCO.e). The conversion factors from the associated Other Emissions Factors and related Other 
Emissions Factor Items are used to calculate the emissions. The following key data points are available on a vehicle asset carbon footprint record. Total fuel use: 
Sam can view the total fuel usage for a vehicle in gallons and in liters. The values are rolled up from the associated energy use records for the vehicle. 
Supplemental emissions: Sam can also specify supplemental emissions by scope to manually adjust emissions, if needed. These are added to the calculated 
total emissions. Greenhouse gas emissions: Sam can see the auto calculated values for Total Scope 1, Total Scope 2 Market-Based, Total Scope 2 Location- 
Based, Total Scope 3 Upstream and Total Scope 3 Downstream Emissions (tCO:e) for the associated source. A Vehicle Asset Carbon Footprint record showing 
fuel consumption, supplemental emissions, and greenhouse gas emissions information for fleet vehicles. Calculations for Vehicle Emissions The following 
information is available on a vehicle asset energy use record for a fleet vehicle asset source such as NTO’s company shuttle. Field Value Name Miami Shuttle 
Fueling Receipt 2/3/21 Reporting Period 2/3/2021 - 2/3/2021 Distance 100 miles Fuel Type Diesel Fuel Consumption 100 liters The data inputs on a vehicle asset 
energy use record. First, Net Zero Cloud converts the fuel consumption to gallons. 100 liters = 26.42 gallons. Next, let’s look at the information in the other 
emissions factor set record. The fuel conversion factors - DEFRA EPA 2018 record has an associated other emissions factor item record that holds the emissions 
factors for Diesel. The values are as follows. Field Value CO2 Emissions Factor 9.75 g/US gal N-O Emissions Factor 0.3 g/US gal CH. Emissions Factor 0.12 g/US 
gal So, for 26.4 gallons of Diesel, the mass of CO:, NO, and CH. generated is calculated by applying the emissions factors. CO2: 26.42*9.75*0.001 = 0.257568 kg 
N20: 26.4*0.3*0.001 = 0.007925 kg CH4: 26.4*0.12*0.001 = 0.003170 kg Note that the contribution of NO and CH. emissions in terms of carbon dioxide equivalents 
is not 1:1. This equivalence is obtained from the global warming potential (GWP) values referred to in the other emissions factors record. NO GWP = 265 CH. 
GWP = 28 Scope 1 Emissions (tCO:e) = {COz Emissions (Kg) /1000} + {N-O Emissions (Kg) /1000 *N.O GWP} + {CH. Emissions (Kg)/1000 * CH. GWP} = 
{0.257568/1000} + {0.007925/1000*265} + {0.003170/1000*28} = 0.0024 A vehicle asset energy use record showing the calculated scope 1 emissions for a vehicle 
which uses diesel. Similar calculations are carried out for private jets by referring to the fuel conversion factors for jet fuel and other values, such as aircraft fuel 
economy. What’s Next? Let’s pause for a moment to understand what Sam has done so far. He has listed the stationary and vehicle asset sources for NTO’s 
carbon accounting process and he has decoded the various emissions factors used for estimation of tCO.e emissions for these assets. Next, he has created 
energy use records for stationary and vehicle assets, and he created the required carbon footprint records to aggregate the data. Sam has also looked at the 
calculations behind the scenes. He is now ready to uncover a few extra details about the carbon accounting process in the next unit. Resources Salesforce Help: 
Create a Vehicle Asset Emissions Source Record Salesforce Help: Create an Other Emissions Factor Set Record Salesforce Help: Create a Vehicle Asset Energy 
Use Record Salesforce Help: Calculate Vehicle Asset Carbon Footprints Developer Guide: Vehicle Asset Energy Use Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/carbon-accounting-for-assets-with-net-zero- 
cloud/bfd4603e79491fc66fb5cbe9225bcf95_badge.png Carbon Accounting for Assets with Net Zero Cloud 100% Progress: 100% View more modules Skip to main 
content Carbon Accounting for Assets with Net Zero Cloud Explore Additional Features for Carbon Accounting Time Estimate About 10 mins Topics Learning 
Objectives Carbon Footprint Stages Do More with Carbon Footprints Why Do You Need a Carbon Inventory? Sum It Up Resources Challenge +25 points Get help 
with this badge Provide feedback for this badge Explore Additional Features for Carbon Accounting Learning Objectives After completing this unit, you’ll be able 
to: List the stages of carbon footprints. Explain record locking and carbon footprint recalculation. Explain why you need an annual carbon inventory record. 
Carbon Footprint Stages A carbon footprint record is flexible in Net Zero Cloud. Companies can choose the reporting period for carbon footprints and how 
granular they want footprints to be. For example, Sam has the flexibility to create carbon footprint records that summarize emissions for a single asset for a 
given year, or for multiple assets across any period. NTO has chosen to create carbon footprints for each stationary and vehicle asset source for a single year. 
Sam notices that on all carbon footprint records there’s a field called the Footprint Stage. Carbon footprints for NTO go through a detailed process of approval 
and audit. All data is validated within Sam’s team and calculations are completed. Then, both internal and external audits are conducted to ensure that all 
emissions are correctly accounted for. Net Zero Cloud makes this process easy to manage. The Footprint Stage field comes with logical values that help Sam 
move the record through each stage with a simple click! Let’s take a closer look at these values and what they mean. Note The following picklist values are 
available by default for the Footprint Stage field on a carbon footprint record in Net Zero Cloud, but your admin can customize the stages as per company 
requirements. Emissions source confirmation: The user confirms whether to include an individual building or vehicle asset in the carbon footprint. Data 
collection: All energy consumption records are entered and associated with the assets. Validation: The user determines that the initial data looks correct, 
including the input and the calculated emissions output based on the associated emissions factors. Renewable energy allocation: The renewable energy 
allocation information is added to the energy consumption records. Internal audit: An internal auditor validates the energy consumption and carbon footprint 
information. External audit: An external auditor validates the carbon footprint information. Completed: The validated carbon footprint record is marked as 
complete. The Footprint Stage picklist on a stationary asset carbon footprint record. The best part is that Sam can easily manage multiple carbon footprint 
records through their lifecycle using the Kanban view. This view makes the workflow better because Sam can visually track where each record is in the 
footprinting process. And when one stage is complete, he simply drags the record and drops it to the column of the next stage! The Kanban view of carbon 
footprint records in different footprint stages. Do More with Carbon Footprints The flexibility doesn’t end there. Sam explores a few additional features that make 
carbon accounting even easier with Net Zero Cloud. Lock the Carbon Footprint Record To ensure that the carbon footprint record is not updated accidentally or 
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by an automated process, Sam locks the carbon footprint record, which also locks the child, or associated, energy use records. This prevents the carbon 
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Locked carbon footprint records can be unlocked later. The Record Locked checkbox on a stationary asset carbon footprint record. Recalculate the Carbon 
Footprint The carbon footprint record can become out of sync with the energy use records that are associated with it, such as when emissions factors change or 
when the energy consumption numbers are updated in a child energy use record. If the emissions factors have changed for any associated energy use records, 
Sam can click Recalculate on a carbon footprint to reset and recalculate values from all attached energy use records. When a child energy use record is added or 
updated, Net Zero Cloud automatically recalculates all the child energy use records and the carbon footprint record. No manual updating and tracking needed! 
The Recalculate quick action on a Stationary Asset Carbon Footprint record. Note Sam can modify, lock, unlock, and recalculate carbon footprint records that he 
created. But if he wants to perform these actions on records that are created by other users, he must have Modify All permission on them. Sam can work with the 
Salesforce admin to gain the required permissions. Why Do You Need a Carbon Inventory? Sam now understands all the essentials of carbon accounting. Since 
all the work’s done and it’s the end of the year, Sam wants to give himself a pat on the back and a well-deserved break. But before that, he notices that there’s one 
last item left to be ticked off his to-do list. Sam can create an annual emissions inventory record for any given year to roll up all carbon footprints for all sources 
and activities. The aim for NTO is to set a science-based target and develop an emissions reduction target in line with Science-Based Targets Initiative’s (SBTi) 
criteria. The carbon inventory is the first step towards getting started on that path. On an annual emissions inventory record, Sam can see granular information 
for each emissions source type, broken up by category and activity and even the percentage of each emissions type towards the total emissions. Emissions from 
a Carbon Footprint record are aggregated into the annual emissions inventory if they meet the following conditions: The Reporting Year on a footprint record 
matches the Year that is selected during inventory creation. The Footprint Stage on a footprint record matches the Carbon Footprint Stage that is selected during 
inventory creation. The Annual Emissions Inventory on a footprint record is associated with an inventory record. An annual emissions inventory record for 2021 
showing total emissions by scope. Previously, Sam would have had to do all these calculations manually. That could have taken months! Salesforce Net Zero 
Cloud enables easy recording and traceability of calculated emissions. Moreover, Sam can also use this data to further forecast NTO’s emissions for upcoming 
years accurately. Sam can truly have a restful time-off! Sum It Up Salesforce Net Zero Cloud solves many of the issues with traditional carbon accounting: 
incomplete or missing records, manual data tracking in multiple spreadsheets, and unstructured data. The time it took NTO to collect, calculate, and audit data 
has been reduced from months to weeks. With all the data flowing directly onto one platform, Sam can efficiently quantify the carbon footprint across scope 1, 2, 
and 3 emissions and reduce NTO’s carbon footprint, getting them closer to their net zero goal. Following in his footsteps, you too can formulate a climate action 
plan from a single source of truth, and easily measure and manage your plans with your trusted partner, the Net Zero Cloud. Resources Salesforce Help: Manage 
Carbon Accounting Salesforce Help: Record Locking and Recalculation Salesforce Help: Data Auditing Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/carbon-accounting-for-assets-with-net-zero- 
cloud/bfd4603e79491fc66fb5cbe9225bcf95_badge.png Carbon Accounting for Assets with Net Zero Cloud 100% Progress: 100% View more modules Skip to main 
content Digital Engagement Learn About Digital Engagement Time Estimate About 10 mins Topics Learning Objectives What Is Digital Engagement? Digital 
Transformation Benefits of Digital Service Resources Challenge +25 points Get help with this badge Provide feedback for this badge Learn About Digital 
Engagement Learning Objectives After completing this unit, you’ll be able to: Explain what digital engagement is. Describe key benefits of digital customer 
service. Identify the differences between digital service and digital transformation. What Is Digital Engagement? Ursa Major Solar’s business continues to grow. 
The company can’t keep enough solar panels in stock to sell to all its customers—and potential customers—who keep trying to contact them. But contacting 
Ursa Major Solar is difficult. At least that’s what Sita Nagappan-Alvarez, the CEO of Ursa Major Solar, keeps hearing. After a large deal closed with a residential 
builder, the client said, “If | could’ve reached you or learned about your business sooner, | would’ve bought twice as many panels...” Salesforce Research states, 
“As customers spend more time at home with their devices and less time in stores or places of work, the shift toward digital channels has accelerated. At the 
same time, the share of organizations offering in-person customer service plummeted, and channels such as online chat, messenger apps, and video support 
saw double-digit adoption gains. Eighty-seven percent of service professionals say customers have increased their use of digital channels during the pandemic." 
Gone are the days when an email or phone call is enough. To keep customers and potential customers happy, you must engage with them in the digital realm. 
Enter, digital engagement. It’s a term that describes how companies engage with customers across all digital touchpoints, while providing a consistent customer 
experience. Typically, a customer’s journey includes marketing, selling, and servicing in a way that lets them switch between multiple channels without 
interrupting a positive experience. Four concentric circles intersecting, representing Marketing Cloud Engagement, Sales Cloud, Commerce Cloud, and Service 
Cloud A typical digital customer journey for Ursa Major Solar might look like this: A new campaign to promote solar panels on the web or on multiple social 
media channels (Marketing Cloud Engagement). Leads and opportunities from the campaign are captured and every stage of the deal is tracked and analyzed 
until the sale of the solar panel is complete (Sales Cloud & Commerce Cloud). After the solar panel is purchased, customers receive service reminders as texts 
on their mobile devices, review service agreements from a website, and reach out to support via chatbots, web chat, social media channels, and more (Service 
Cloud). Each part of the journey—no matter where the customer is at—is optimized with automation and artificial intelligence (Al) to make sure that a positive 
experience is delivered consistently. Digital Transformation Sita knows that emerging technology is transforming customers’ expectations. Customers ask virtual 
assistants to play their morning playlist, use applications to order their favorite foods, call for a ride, or navigate traffic. The reason these experiences are sticky 
is that emerging technologies like Al are embedded into these apps to power customer experiences. To stay competitive, companies need to incorporate digital 
technologies into their customer experiences. Customers expect to interact with businesses the same way they do in their personal lives—on mobile devices, 
with SMS messaging, social media, and more. If customers aren’t receiving the experiences they expect, they can easily take their business elsewhere. The rise 
of social media and review websites give customers more of a voice. In the past, customers might have shared a bad experience with friends and family, but with 
social media, they can broadcast bad experiences with the world. Digital transformation—converting ink-on-paper records to digital formats—encourages 
businesses to reconsider how to deliver customer experiences, and question traditional ideas of teams and departments. That doesn’t mean support agents need 
to run marketing campaigns, but it can mean knocking down walls between departments. A social media presence can encompass marketing, selling, and 
servicing, tied together by a digital platform that captures customer information, creates personalized journeys, and routes questions from customers or 
potential customers to the right support agents. Benefits of Digital Service Sita knows that digital transformation has reshaped how companies approach 
customer service. The old model was to wait for customers to find you, whether in person or by calling a toll-free number. But the rise of digital communication 
has changed service much like it’s changed advertising, media, and news. The practice of providing excellent service hasn’t changed. But the process of 
answering a question, looking up relevant data, and offering a solution has become much more efficient with mobile devices and multiple communication 
channels. Sita can see that embracing social media, automation, and Al will help build better relationships with new and existing customers. Benefit Description 
Unify data and systems across teams for faster resolution Get a sense of the customer’s state of mind and provide a better experience by giving both sales and 
service a 360-degree view of each customer. Know when the customer is having service issues before sales pitches to them so that all factors are considered 
before important negotiations. Prepare deals to move forward by having the service team prioritize resolving the customer’s issues while sales works with them. 
Help customers help themselves with self-service options Empower customers to serve themselves at their convenience, 24/7. Let customers do almost 
everything in a web portal that support agents can accomplish in a contact center. Customers will gain a sense of control when they have anytime access to 
answers, account information, and the ability to make updates, additions, or changes. Make self-service easier by dedicating space on a mobile-ready website, a 
mobile application, or even a stand-alone mobile app. Collaborate and share sources of truth with sites Take part in the conversations about your brand. Host an 
online portal where customers and potential customers can find trustworthy answers to their questions, collaborate with experts, and voice issues to which 
support agents can respond. Make social media and your site complementary by promoting your site in social feeds and bringing questions from social feeds 
into your site. Allow support agents to monitor and respond to social media channels like Twitter, Facebook, Instagram, and YouTube so service is available 
wherever customers spend time online. Add faster alternatives to voice calls with SMS, messaging, and chat Give your customers an alternative to voice calls by 
supporting one-to-one service conversations across multiple messaging and chat channels. Offer customers the convenience of using messaging apps to 
communicate with your business, just like how they communicate with friends and family. Add SMS to your toll-free business number for messaging to appeal to 
mobile customers. Add a seamless support agent hand off by replacing static pre-chat forms with a simple chatbot experience to gather basic information from 
your customers. Or offer a chat experience directly from your mobile app. Free up agents with automation and Al to deliver better service Identify areas where 
your customers and support agents spend the most time on repetitive tasks. Then, apply the power of automation and Al to deliver smarter experiences, which 
free up agents to solve bigger problems. Embed automation into service workflows with action lists and step-by-step guidance to make processes faster. Use Al 
to route work to the right agent, prefill case context, and make recommendations for next actions based on machine learning from past cases. Sita knows that 
she must move Ursa Major Solar into the realm of digital service. Based on the State of Service report from Salesforce, she understands that she’s not alone: 
81% of decision-makers say they’re accelerating digital initiatives. But where to start? Enter Service Cloud. Resources Trailhead: Learn About the Fourth 
Industrial Revolution Blog Post: Service Transformation Must Come from the C-Suite Blog Post: How Customer Experience Is Rewriting the Rules of Business 
Success Salesforce Help: Solution Kits for Retail and B2C Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/service_digital_engagement/9034078a72a3ae7c9d1b1910b5ee25f1_badge.png Digital 
Engagement 100% Progress: 100% View more modules Skip to main content Digital Engagement Engage Customers with Service Cloud Time Estimate About 10 
mins Topics Learning Objectives How Service Cloud Helps with Digital Engagement Digital Engagement Options with Service Cloud Resources Challenge +50 
points Get help with this badge Provide feedback for this badge Engage Customers with Service Cloud Learning Objectives After completing this unit, you’ll be 
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Digital Engagement Even though each digital engagement journey for a customer includes marketing, selling, and servicing, Sita focuses on service. Based on 


the stats and feedback she’s received, transforming service for Ursa Major Solar is her number one priority. Tip: This module focuses on digital engagement for 
Service Cloud. To learn more about the other clouds, see: Discover Sales Cloud Get to Know Marketing Cloud Engagement Sell Everywhere with Commerce 
Cloud Want to learn more about how to integrate various functions of Marketing, Commerce, and Service Clouds? Then check out Salesforce’s Solution Kits. To 
get started with digital engagement for service, Sita turns to her rock star admin, Maria Jimenez. Maria has set up several Salesforce features for Ursa Major 
Solar, and she’s ready to share how Service Cloud can help with digital engagement. Sita and Maria standing alongside the Ursa Major Solar logo. First, since 
Salesforce is already in use, a number of digital engagement tools are available to set up. Maria may need to purchase a few new user or feature licenses, but 
everything she needs to help Ursa Major Solar engage and support customers in the digital realm is a few clicks away. Service Area Description Service Cloud 
Platform Provide a 360-degree view of customers and their past preferences from multiple channels. The platform includes agent productivity tools and routing 
features so customer cases automatically go to the right agent, at the right time, from anywhere, on any device. Push agents relevant knowledge from across 
your organization, including key articles, topics, and advice from your product experts. Allow agents to see customers’ histories to check on service agreements 
and to offer personalized incentives and special offers. Service Cloud Messaging Let your company have conversations with customers in ways that are most 
convenient for them—on their mobile devices using messaging apps, such as SMS text messaging and Facebook Messenger. Power conversations with chatbots 
to automate service or agents can connect instantly with a customer to give them the personalized help they might need. Service Cloud Embedded Service for 
Web or Mobile Apps Embed customer service directly into your web pages and mobile apps so you can reach customers right where they are. Let your 
customers contact you on the go without interrupting their browsing experience or mobile experience. Add chat, knowledge, and case capabilities to your 
websites and mobile apps to provide richer service. Salesforce Self-Service Build branded sites that let customers help themselves, anytime, on any device, 
without the assistance of an agent. Add self-service web portals to help customers connect with each other for insights, access knowledge, and interact with 
chatbots to find the right resources or get redirected to the right agent for immediate service. Service Cloud Einstein Put artificial intelligence (Al) into routine 
service interactions, especially for chatbots on digital channels like web chat, SMS messaging, or voice activated devices. Connect chatbots to existing business 
process for more intelligent service automation. Save agents time by using machine learning to surface the best responses and knowledge from past cases and 
conversations. Let Einstein analyze incoming cases to automatically predict fields so that the right agents can handle specific requests faster. Sita is impressed 
with Service Cloud’s areas to support the digital realm. But she wonders where email and phone fits in. “Aren’t email and phones digital?” Maria assures her that 
email and telephone are traditional channels for service that often fall into the realm of digital engagement. Both email and telephony are part of multichannel 
service available with Service Cloud. Digital Engagement Options with Service Cloud Maria dives a little deeper into specific Service Cloud features and how they 
help with customer engagement. Learning about these features will help Sita and the service team decide what to implement. Service Area Description Service 
Console The Service Console is a centralized interface that lets agents see all relevant information about customers and helps them respond to cases across 
multiple channels, simultaneously. The console integrates with productivity tools, routing mechanisms, useful knowledge, predictive intelligence, data from other 
systems, and more to provide a unified workspace to support customers on any device, from any location, across any channel. All service features and channels 
connect with the console. And, since the console is a Lightning app, it’s easy to customize and scale with components and drag-and-drop tools. Salesforce 
Mobile app Salesforce Mobile app is for customer service on the go, and it’s available on both iOS and Android devices. The app gives you real-time access to the 
same case and customer information that you see on the console but is organized for getting work done from your mobile device. Omni-Channel Omni-Channel 
routes any type of incoming work item to the most qualified, available support agents in the console. Monitor agent workloads and the status of work items 
routed by Omni-Channel. Agents can raise flags on work items when they need assistance from a supervisor, and supervisors can monitor conversations 
between agents and customers, and send helpful messages that only the agent sees. Supervisors can also respond to incoming support requests by changing 
queues as needed and can update agent skills quickly. Voice & Call Center Voice & Call Center integrates phone call capabilities with the console so that you can 
use your computer as a phone. Whenever a customer calls, their information appears front and center for agents so that they have everything they need to help 
the customer. No more time spent searching, scrolling, or clicking for information about a customer. Make outgoing calls directly from the console, and report on 
call outcome, duration, and more. Email-to-Case Email-to-Case automatically converts emails sent to an address you specify to cases in the console. Email 
exchanges between customers and agents are tracked to see history and sentiment and lead to the quickest resolution. Web-to-Case Web-to-Case lets you add a 
submission form on your website so that customers can submit cases directly to the console for agents. Since you choose the case fields on the form, any 
workflows, assignments, and responses are automatically triggered. Experience Cloud Sites Sites help you share information and collaborate with customers, 
partners, or employees. Whether you call it a self-service web portal, a help forum, a support site, or something else, an online community lets your agents share 
approved content and connect with others from the console. Use easy point-and-click tools with Lightning templates to create branded collaboration spaces for 
various business purposes. Messaging Messaging lets customers start conversations with your company by sending texts to your designated phone number or 
sending Facebook Messenger messages to your Facebook page. Incoming messages are displayed in the console, where agents can accept messages and start 
chatting. Agents can also proactively reach out to customers on these channels to keep them updated or use automation to send customers messages when 
Salesforce records change, such as when cases are closed. Embedded Service Embedded Service helps you add personalized service to connected apps for 
mobile and the web. Create and monitor cases from any mobile device for a seamless service experience wherever your customers are located. Set up two-way 
audio chat for devices so that agents can have context for issues and solve problems directly from the console. Einstein Bots Einstein Bots are applications that 
simulate human conversation, either aloud or from text message. Instead of having a conversation with an agent, customers can have a conversation with a 
computer integrated with an Al technology called Natural Language Understanding (NLU). Whether through typing or talking, a chatbot can connect with a 
customer to answer routine questions, leaving agents more time to help customers with more complex questions or problems. Einstein Case Classification 
Einstein Case Classification uses predictive intelligence on new cases to recommend or populate picklist and checkbox field values based on past data. It uses 
machine learning, Al technology that determines the values on case fields, to free up time for support agents. More time for support agents means more time 
spent making customers happy and delivering exceptional experiences. A Service Console integrated with multiple channels alongside the Salesforce Mobile 
app. Now that Sita has a better idea of what digital service options are available with Service Cloud, she asks Maria to help her start planning for digital 
engagement. Resources Salesforce Help: User Licenses Salesforce Help: Feature Licenses Overview Salesforce Help: Lightning Service Console Salesforce 
Help: Solution Kits for Retail and B2C Quiz Complete! +50 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/service_digital_engagement/9034078a72a3ae7c9d1b1910b5ee25f1_badge.png Digital 
Engagement 100% Progress: 100% View more modules Skip to main content Digital Engagement Plan for Digital Engagement Time Estimate About 15 mins 
Topics Learning Objectives Prepare for Digital Service Digital Content Considerations Next Steps for Digital Engagement Resources Challenge +50 points Get 
help with this badge Provide feedback for this badge Plan for Digital Engagement Learning Objectives After completing this unit, you’ll be able to: Learn the 
importance of implementing case management before digital engagement. Begin the planning process for Service Cloud’s digital engagement tools. Understand 
the importance of content for digital engagement. Prepare for Digital Service Maria knows that adding multiple channels is the second stage of the general setup 
process for Service Cloud. (See the Service Cloud for Lightning Experience module for a refresher.) Service Cloud’s implementation process represented by 
concentric circles with an arrow pointed at the second circle, which is Channels. Maria understands why she shouldn’t set up channels or digital engagement 
first: If a customer reaches out for help, but there’s no consistent way to track, route, or respond to their question, who would receive the case to resolve? A 
customer or agent lost in an unclear case management process makes for an unhappy customer and agent. Maria is excited about setting up digital engagement 
features for service. Before she sets up any features, she asks Ursa Major Solar’s service team some questions about how they work. She wants a thousand-foot 
view into their general processes and requirements before she implements any specific features. Fundamentals Question Answer Do your agents have a 
complete view of the customer? Yes, during our case management implementation, we customized a Service Console to show account, contact, and other 
records for 360-degree views of customers. The console is ready to support multiple channels. Are you able to effectively route cases or messaging sessions to 
the right agents? Yes, during our case management implementation, we set up some queues, assignment rules, and escalation rules, but we need to look into 
Omni-Channel. Omni-Channel routing sounds more robust and can automatically push and prioritize a variety of work to agents, without them picking items from 
a queue or determining priorities. We definitely need Omni-Channel for better automation and to scale the growth of our service team. Are you using automation 
to save time and speed case resolution? We’re using some of the basic assignment and escalation rules. However, we’re not using anything like automated 
conversations with chatbots to answer routine questions online. We’re also not using any kind of Al or machine learning to make automatic field predictions to 
speed up case resolution. Someone needs to look into self-service, Einstein Bots, and Einstein Case Classification. Do your agents spend a significant amount of 
time switching between applications to get customer information or answers? The console has made it easier for agents to see complete views of customers, but 
we need to do something about knowledge. We implemented Salesforce Knowledge, but we need to add the Knowledge component to the console so that 
automation suggests correct answers to agents while they’re working on cases. Self-Service Question Answer Where can customers find answers to questions 
about your products or services? Can they access answers and information on a website or a mobile app? Currently, we have a Web-to-Case form on our 
website where customers can submit cases. But that’s it. We’ve been wanting to update our website for a while, but we haven’t made the time. After reading 
about Experience Cloud sites, we need something like that online where customers, agents, and experts can collaborate and share ideas. We also need a source 
of truth for some documents about our solar panels. And adding a chatbot on an Experience Cloud site to answer common questions would help unload some of 
the most tedious work from our agents. Information for customers on a mobile app sounds great, but we need a site first, which everyone can access on mobile 
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like an Experience Cloud site where customers can register any of our products online and do so at their own convenience. Also, since we implemented 
Salesforce Knowledge, we need to share some of our articles online so that customers can troubleshoot routine issues themselves, 24/7, without having to 
phone an agent during business hours. If you already have a knowledge base for your customers, are you using marketing automation to increase engagement 
and adoption of the portal? Once we have a self-service site, and set up some social media channels, we will definitely look into message automation to drive 
traffic and awareness to it. Thank goodness we already have Salesforce Knowledge with some incredibly helpful articles that are ready to share online! Social 
Presence Question Answer Do you receive service-related questions on social media? Are the right people responding? We don’t know. We have no social media 
presence right now, at least none we’re participating in or responding to. We have to add a variety of social media channels to our digital engagement plans—we 
have to reach customers where they are at. Are customers chatting online about themes related to your product or industry? Ryan De Lyon, our customer 
service manager, has heard some customers are posting questions about our solar panels on Twitter and Facebook. Since we are not monitoring those channels, 
we don’t really know what is going on there or how our brand is affected. Ideally, once we set up social channels, we’d like to contribute to conversations about 
the solar panel industry and lead a few talking points to build new relationships and drive more business. Are your customers already building online forums of 
their own to discuss your products or services? We don’t know—we need to research this topic. A few months ago, one of our agents mentioned that there was a 
website displaying some of our solar panel manuals with a few comments posted on the site, but we’re not sure what that is about. Sounds like we need to look 
into it immediately. Messaging Question Answer Where does most of your customer traffic come from? Is it from mobile or desktop? We don’t know. We think 
that most of the people we interact with have mobile phones and use text messaging. Once we have some of our digital channels up and running, like self-service 
sites or social media, we should post a survey to our customers and try to determine how many of them prefer communicating with us from mobile devices or 
desktops. Do you know your percentage of customers using iPhones versus Android? No, this is another area for a customer survey once we have digital 
channels set up. The answer will help us learn on which devices to build mobile service apps in the future. Are your customers using international messaging 
apps like WeChat or WhatsApp? Currently, we don’t have any international customers. In the future, however, we hope to expand globally, so this question is 
important for us as we plan for growth. Automation & Al Question Answer Do your agents spend time on data entry or repeating steps on every case that they 
work? Our agents do type a lot of the same things in the console, but we’re already looking into the console’s Macros and Quick Text features to reduce repetitive 
tasks. Macros will help agents select email templates, send emails, and change case statuses all with one click, whereas Quick Text will help agents send a 
variety of predefined messages to customers so they save time typing the same responses, no matter which channel. Do you have a list of the top common 
questions, such as order status or password reset that you get from customers on a regular basis? Yes, our agents spend a lot of time answering similar 
questions, especially on order statuses. If we had a self-service site or a text messaging channel where Einstein Bots could answer those questions, our agents 
could focus on solving more complex issues that require creativity and teamwork. Do you have any picklist or checkbox fields on cases that machine learning 
could prefill for agents; any recommendations for knowledge articles or next actions for agents? Yes, some useful fields to predict are Case Reason, Escalated, 
and Priority—having those automatically predicted would save agents time and clicks. And, anytime a useful article from our knowledge base could surface to an 
agent without searching for it is a productivity boost. Also, any kind of Al that suggests next-best actions for agents while they work would be a dream come true. 
Offloading some decisions during customer interactions could only help agents focus on building better relationships. Digital Content Considerations As Maria 
plans for digital engagement, she sees a unique thread that ties a number of features together—content. She wonders, “Do we have the right content ready to 
help agents and customers across multiple channels?” Based on the answers to the planning questions above, she knows the answer is no. Traditionally, content 
is something only marketers, advertisers, or media agencies created. Support agents worked with a limited content choice of case open or case closed. If service 
teams created content, it was usually a Frequently Asked Questions (FAQ) page on a website. With chatbots, SMS messaging, social media posts, or 
conversational interfaces from buttons all the way to online payments, content is a big piece of how to deliver service. Content is also a critical component for 
closing the loop on marketing, selling, and servicing. Content creation and curation requires a new set of skills for service. The teams at Ursa Major Solar will 
have to give considerable thought to the content that appears in each stage of a basic digital customer journey. Next Steps for Digital Engagement Now that Sita 
and Maria have answers to their questions, they take a step back to prioritize Service Cloud feature implementations. There are a lot of features they can set up, 
so they ask themselves a few more high-level questions. Which channel should we set up first, second, and so on? Are our agents trained to communicate on 
those channels? Will agents cover all channels or will some agents cover specific channels? Will the channel take into account international customers and 
multiple languages? Are our console and case management processes ready to support each new channel and automation or Al? All of these questions should 
be asked before adding a new digital channel to a multichannel support model. Once Maria gets the answers she’s looking for, she can begin setting up specific 
service features for Ursa Major Solar. It looks like there’s a lot more Trailhead in Maria’s future. Resources Trailhead: Service Cloud Agent Productivity Trailhead: 
Omni-Channel for Lightning Experience Trailhead: Make Service Cloud Smarter Salesforce Help: Solution Kits for Retail and B2C Quiz Complete! +50 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/service_digital_engagement/9034078a72a3ae7c9d1b1910b5ee25f1_badge.png Digital 
EngaSkip to main content Data Cloud Solutions on AppExchange: Quick Look Discover Data Cloud Solutions on AppExchange Time Estimate About 5 mins 
Topics Learning Objectives What Are Data Cloud Solutions on AppExchange? Data Cloud Solution Use Cases Find Data Cloud Solutions on AppExchange Want 
to Build Your Own Data Cloud Solution? Resources Challenge +25 points Get help with this badge Provide feedback for this badge Discover Data Cloud 
Solutions on AppExchange Learning Objectives After completing this unit, you'll be able to: Explain what Data Cloud solutions are. Describe three types of Data 
Cloud solutions. List some advantages of using Data Cloud solutions. Search for best-fit Data Cloud solutions on AppExchange. Identify resources to learn more 
about building Data Cloud solutions. What Are Data Cloud Solutions on AppExchange? You’re a Salesforce customer with a robust implementation that includes 
Data Cloud. You’ve probably already completed the Salesforce Data Cloud: Quick Look on Trailhead. You know that Data Cloud brings in data from all your 
existing sources using built-in connectors. But do you know about the power of Data Cloud solutions on AppExchange? AppExchange is the marketplace for all 
things Salesforce. And Data Cloud solutions on AppExchange are easy-to-install apps that help you activate, extend, enhance, and enrich your Data Cloud 
implementations. You can also connect with consultants specializing in Data Cloud. Data Cloud Solution Use Cases Data Cloud solutions and consultants can 
help you with a wide variety of business needs. For example, install Data Cloud apps to: Improve the quality and accuracy of your customer data with data 
harmonization across your business systems. Segment your existing customer data to better target advertising campaigns on social media sites such as 
Facebook, TikTok, and Pinterest. Improve audience activation outcomes resulting in greater monetization per customer. Connect with consultants specializing in 
Data Cloud to: Discuss your Salesforce architecture and Data Cloud strategy. Create and implement a transformational roadmap that brings your existing data 
infrastructure from current to future state. Learn about industry best practices and efficiencies to make the most of your Data Cloud experience. Find Data Cloud 
Solutions on AppExchange So you’re convinced that a Data Cloud solution or consultant can benefit your business. Great! We make it easy for you to find Data 
Cloud solutions on AppExchange. Start with our Data Cloud product collection. In the product collection, Data Cloud solutions are organized into three groups: 
Data Enrichment Apps help you connect, enrich, and harmonize your data in Data Cloud. Data Activation Apps send audiences to advertising platforms, 
including social media. Data Strategy Experts offer a wide variety of advice and services utilizing their Data Cloud expertise. As with any app or consultant on 
AppExchange, click the listing to learn more. Read reviews to see what other customers have to say. Have you viewed the product collection, but you’re still 
searching for that perfect-fit Data Cloud solution? No worries: Beyond the product collection, there are a lot more Data Cloud offerings on AppExchange. 
AppExchange search is here to help. Type any string into the search box. Terms that work well for Data Cloud solutions include Customer Data Platform, CDP, 
Data Cloud, and so on. Any way you search, find a bounty of solutions on AppExchange. A sample AppExchange search page with a highlight on the search term 
“cdp” Use AppExchange search filters to further refine your search. For example, search on free or freemium pricing, or filter to see only 3 or 4 star-rated 
listings. Want to Build Your Own Data Cloud Solution? As you discovered, there are many great Data Cloud solutions on AppExchange. Has diving into those 
solutions inspired you to create your own? Awesome! Check out the Build and Share Data Cloud Functionality guide to learn more. In this Quick Look, you 
learned what types of Data Cloud solutions AppExchange ISV partners offer, and how to find Data Cloud solutions on AppExchange. You even discovered some 
resources to help you build your own solutions and host them on AppExchange. Next, continue your learning journey by completing Meet Your Business Needs 
with AppExchange. Resources AppExchange: Data Cloud Collection Developer Doc: Data Cloud Developer Guide Developer Doc: Build and Share Data Cloud 
Functionality Salesforce: Data Cloud Salesforce Help: Data Cloud Salesforce: Learn more about Data Cloud Trailhead: Explore Data Cloud Trailhead: Salesforce 
Data Cloud: Quick Look Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/data-cloud-solutions-on- 
appexchange-quick-look/a742fc77f8981de6c948fdd107bca798_badge.png Data Cloud Solutions on AppExchange: Quick Look 100% Progress: 100% View more 
modules Skip to main content Web3: The Future of the Internet Get Started with Web3 Time Estimate About 5 mins Topics Learning Objectives Welcome to the 
World Wide Web The Evolution of the Internet Why Web3 Matters Where Do We Go Next? Resources Challenge +25 points Get help with this badge Provide 
feedback for this badge Get Started with Web3 Learning Objectives After completing this unit, you’ll be able to: Define Web3. Describe each evolution of the 
internet. Describe why Web3 is important for the future. Welcome to the World Wide Web A lot has changed since the advent of the internet in the early 1990s... 
The internet is alive. It’s an ever-changing technology that has become our default context. And as the internet has evolved—from a way to link documents to an 
accessible information system to an interconnected social network with millions of active users daily—the way we relate to each other and the world around us 
has changed. Since its advent, the internet has enabled billions of users worldwide to learn, share, and connect globally for free. But millions of people can share 
and manipulate all of the information out there. This creates the enormous gaps in transparency, privacy, and security we experience with today’s internet 
ecosystem. This problem can theoretically be solved with the next generation of the internet, Web 3.0, often referred to as Web3. How we connect with our 
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technology and use cases we see today will continue to evolve and be played out over years and decades. There’s a lot to unpack here. That’s why we created 
this module: to help make sense of where we’ve been, where we’re headed next, and what it all means. Before we get to the details about Web3, let’s review some 
basics. Let’s start from the beginning. The Evolution of the Internet The evolution of the web is often divided into three stages: Web 1.0, Web 2.0, and Web 3.0. In 
the beginning, Web1 (1990 to 2000) democratized access to information. It was the first iteration of the world wide web. Most of us were consumers of content. 
And the creators were typically developers who built websites that contained information mainly in text or image format. Data and content were served from a 
static file system rather than a database, and sites didn’t have much interactivity at all. It was the Web of Read. Most of us have experienced the wonders of the 
web in its current form, which is referred to as Web2 (2000 to 2021). This stage of the internet took Web1 further by democratizing connections and transactions. 
In this era, the simplicity built into the interfaces and applications enabled anyone to become a creator. It’s the Web of Read and Write. As we experience the 
beginning of the Web3 era (2021 and beyond), applications will not run on a single server or store data in a single database owned by central authorities. Instead, 
Web3 applications will either run on blockchains, decentralized networks of many peer-to-peer servers (nodes), or a combination of the two. Web3 has the 
potential to democratize participation on the internet, enabling people to Read, Write, and Own both their data and digital identity. Web 1.0 Web 2.0 Web 3.0 READ 
READ WRITE READ WRITE OWN Audience Audience Community AOL, Amazon TikTok, Instagram OpenSea, Discord Why Web3 Matters Web3 is a point of 
evolution beyond where we have been operating. It’s an extension of Web2, which incorporates the advanced technologies we see coming to fruition today. The 
idea of Web3 is not only to fuel the formation of the metaverse and expansion of cryptocurrency, but to touch on other major industries in our globally 
interconnected world. The ultimate goal of Web3 is to create a more connected and open digital world. Web3 does not require “permission,” meaning that central 
authorities will not decide who uses what services. Nor is there a need for an intermediary to facilitate virtual transactions between parties. Web3 theoretically 
better protects user privacy in certain ways because it’s these authorities and go-betweens in Web2 doing most of the data collection. There are a number of 
advantages that Web3 has the potential to offer. Decentralization: Intermediaries would be removed from the equation, and blockchains would provide a 
transparent platform where the rules are unbreakable and data is publicly recorded. Ownership of data: End users will regain control of data by creating a public 
record of all their activity on the blockchain. Information could then be shared on a case-by-case and permissioned basis. Potential for reduction in hacks and 
data breaches: As more businesses and enterprises enter the space, there will be a large need for added security. This new technology can provide enhanced 
security because data will be decentralized and distributed. With further development of the rules and regulations, there is potential for reduction in large-scale 
hacks and data breaches where hackers would need to turn off the entire network of servers and record every transaction on the blockchain to access 
information. Permissionless blockchains: Anyone could create an address and interact with the network. Users will not be barred on account of geography, 
income, gender, orientation, or a host of other sociological and demographic factors. While still in its early years, the mission behind Web3 is to create a 
decentralized web that creates new types of ownership, new ways of building trust and collaboration, and opens the doors to new possibilities. It has the potential 
to change how we interact with the web in the upcoming decades. Web3 is built on blockchain technology that validates user data, creates transaction 
transparency, and provides more secure payment options. Where Do We Go Next? The future is a decentralized, global marketplace. In the next unit, discover 
how Web3 is transforming industries and impacting businesses, society, and individuals alike. Resources Podcast: Cathy Heckle, Metaverse Marketing Blog: 
Future: Why Web3 Matters Article: Discord is the one app you need to be using—here’s what you need to know Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/web3-the-future-of-the-internet/db0a368cedfa1c162cfcdd67658a959c_badge.png Web3: 
The Future of the Internet 100% Progress: 100% View more modules Skip to main content Web3: The Future of the Internet Understand the Technologies Behind 
Web3 Time Estimate About 10 mins Topics Learning Objectives The Building Blocks of Web3: Blockchain What Makes a Currency a Cryptocurrency? What Is an 
NFT? The Value of NFTs Smart Contracts and Wallets Resources Challenge +25 points Get help with this badge Provide feedback for this badge Understand the 
Technologies Behind Web3 Learning Objectives After completing this unit, you’ll be able to: Describe main components of Web3. Define NFT, blockchain, and 
cryptocurrency. The Building Blocks of Web3: Blockchain In today’s digital-first world, someone can buy a tweet, develop digital land, pay without a traditional 
currency, and track down data to the 1s and 0s, all from the comfort of their personal device. The innovative technology that enables this transparency is the 
blockchain. A blockchain is a system of recording information on a tamper-resistant digital ledger distributed across its entire network of computer systems. 
Each block on the chain contains transaction data that records each transaction on participants’ ledgers. The transactions are public and cannot be changed, 
tampered with, or erased once published. The idea of a blockchain came to life as a solution for accurate and fixed time stamps, similar to that of a notary. This 
fundamental aspect is still present in technology today. Blockchain is a type of distributed ledger technology (DLT), where these transactions are programmable, 
immutable, and anonymous. Blockchain is a distributed ledger technology that is programmable, anonymous, unanimous, distributed, immutable, and traceable. 
Blockchains are constantly growing as blocks (transactions recording verified information) are added to the chain through every transaction. This increases the 
security of the entire ledger. The more blocks on the chain, the more secure the entire system becomes. This also allows regulators to easily identify if one of the 
blocks was tampered with, making hacking nearly impossible. This is a young sector, and norms and standards are still emerging, including key issues such as 
sustainability. Companies, including Salesforce, have an opportunity to lead with values, and shape positive norms and benchmarks for using NFT and 
blockchain technology sustainably. One key challenge in this space is related to sustainability. Many of the first generation cryptocurrencies (including Bitcoin) 
rely on proof-of-work (PoW) blockchains, which require the use of energy (that is, work) to perform transactions. This has resulted in significant energy 
consumption and carbon emissions, with Bitcoin consuming as much power per year as the country of Thailand (as of February 2022), according to the 
Digiconomist. The industry is continuing to address sustainability issues as their technology evolves, as we’re seeing with new and upcoming proof-of-stake 
(PoS) blockchains. Based on current models, it’s believed that PoS blockchains drastically reduce the energy consumption seen by current-state PoW 
blockchains (by as much as 99.95% according to Olga Kharif’s Bye-Bye, Miners! How Ethereum’s Big Change Will Work, which appeared on Bloomberg.com in 
2021). Additionally, e-waste from PoW blockchain use may be eliminated by switching to PoS, which does not rely on physical hardware for securing the network. 
Companies and organizations exploring blockchain applications should put in place clear sustainability strategies to quantify, minimize, neutralize, and disclose 
environmental impacts resulting in net zero emissions while driving increased sustainability in the sector more broadly. Now that we’ve discussed the power, 
purpose, and impact of Web3, let’s look at how this technology is utilized in cryptocurrencies. What Makes a Currency a Cryptocurrency? The simple answer is 
that a cryptocurrency is a nontraditional digital currency built on the blockchain. To expand on this, let’s look at how cryptocurrencies came to be. On October 31, 
2008, Satoshi Nakamoto sent a paper to a group of cryptographers familiar with blockchain technology outlining a new form of “electronic cash” called Bitcoin. 
In this paper he outlined how the distributed ledger technology (DLT) was combined with several other technologies and concepts to create the cryptocurrencies 
of today. These digital currencies are essentially electronic cash protected through cryptographic mechanisms instead of a central authority like a bank, 
company, or government. Blockchain technology is the foundation of modern cryptocurrencies, most commonly referred to as crypto. They got their name 
because of the heavy usage of cryptographic functions paired with the decentralized ledgers. This system allows someone to purchase, trade, and own a variety 
of things, including NFTs and real estate. And with more integration into our financial system, many more applications can be expected. Next, let’s explore the 
role of NFTs in the Web3 ecosystem. What Is an NFT? An NFT (nonfungible token) is a digital asset that represents either digital or physical objects like art, 
music, event tickets, videos, and more. They’re backed by smart contracts, which allows them to have distinctive properties such as secondary sales and 
transferable value. Here’s how NFTs work. NFTs exist on a blockchain, which is a distributed public ledger that records transactions. NFTs are blockchain 
agnostic, meaning they can be built on a variety of blockchains. An NFT is created, or “minted” from digital objects that can represent both tangible and 
intangible items. An NFT can have only one owner at a time, and an NFT’s unique data makes it easy to verify the creator and owner, and enables token transfer 
between owners. The creator writes a smart contract that defines the use and royalties of the NFT. The Value of NFTs So why buy an NFT, since anyone can copy 
an image or a video with an internet search and a few clicks? Well, buying an NFT gives proof of ownership of a unique digital asset, which can include virtual 
goods, in-game items, digital art, and more. Because they are built on the blockchain, the transaction and ownership history is public. This information is 
validated and records authenticity of the seller and the sole ownership. Just like with a physical asset, this can be collected, traded, or sold. In the case of digital 
art or when purchasing NFTs in secondary marketplaces, buyers should follow best practices to avoid potential scams and other risks. (More on this in a later 
unit.) This technology enables trust and transparency between the buyer and seller by having full access to the historical transactions. The transparency 
provided by the public records can give the buyer insight into the seller's transaction history. As this technology develops, we’ll see companies creating products 
that will verify a seller or provide a risk rating based on past digital interactions. Anyone can search online and find an image, video, or NFT for that matter, and 
download it to a device. But that’s just saving a copy of the file, not obtaining rights to the digital ownership of the file. For example, there are a lot of copies of 
Van Gogh’s Starry Night painting, but there’s only one original Starry Night. In theory, NFTs offer collectors the ability to own the digital rights to a piece of art, 
similar to owning the original Starry Night. (Note: This does not account for creators who copy and repost the original artist’s work as their own. These artists are 
infringing on copyright and can face serious penalties.) Brand-new experiences are being built around rare digital and physical goods through the use of NFTs. 
Given that any digital thing can be an NFT, there are several possible use cases. Some companies have already capitalized on this idea, doing things such as 
launching an NFT system to verify the authenticity of sneakers, or creating NFTs from video clips of landmark sports moments so fans can own the best plays. To 
demonstrate NFTs’ utility, here are a few more use cases. We may continue to see more as time and technology progress. Gaming asset: NFTs can be used as 
characters in video games and possess gamification capabilities. For example, games have allowed players to purchase NFTs that serve as their game avatars. 
And as players play, they can earn more NFTs, such as an ultra-rare shield to help them in battle or a new accessory to deck out their avatar. Key: NFTs can act 
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as key to unlocking content, like a subscription to a sports or news magazine. Only the holders of the NFT are able to access the articles, updates, and statistics 
in the publication. Digital twin: NFTs can be purely digital; however, some projects have allowed the creation of digital twins. This can be something like offering 


virtual clothes that can be worn in the metaverse or Sending an identical physical object to NFT owners. iP ownership: Projects can allow members to own the 
intellectual property of their NFT. The owner doesn't have to ask the NFT creator to use their avatar—they have the ability to create an entire business around the 
NFT. Governance/voting: NFTs can give owners voting rights on upcoming promotional merchandise and new platform/product releases, among other things. 
NFTs can create authenticity, establish value, democratize access to global markets, and build community. Let’s take a deeper look at how NFTs use smart 
contracts and wallets. Smart Contracts and Wallets How does someone actually use cryptocurrency to buy an NFT? Let’s start by understanding how these 
transactions are tracked with smart contracts and how users employ wallets to buy and hold onto their NFTs. First let’s go over a few NFT-related terms. Smart 
contracts: These are simply computer programs (a few lines of code), stored on a blockchain, that run when predetermined conditions are met. They can be 
viewed as an application of Web3. They’re typically used to automate the execution of an agreement (or contract), so that all participants can be immediately 
certain of the outcome, without any intermediary involvement or time loss. They can also automate a workflow, triggering the next action, when certain 
conditions are met. Wallets: A wallet is an app (or plugin), which enables users to access/retrieve, send, and receive digital assets. When a user acquires 
cryptocurrency, such as Bitcoin or Ethereum, they can store it in a wallet and from there use it to make transactions. There are two types of wallets. A custodial 
wallet is one created and secured by someone other than the true owner—for example, an account set up on Coinbase. A noncustodial wallet is one consumers 
create, own, and manage themselves. They often live directly within browsers (hot) or on offline devices (cold storage). Users self-manage security. Smart 
contracts are used to protect buyers and sellers with automated contracts that are programmed to execute when certain conditions are met. These agreements 
can’t be changed or disputed once executed because smart contracts are immutable, distributed, and public. With the ability to track when and to whom all NFTs 
are sold, smart contracts make purchasing NFTs at scale possible. This creates many possibilities, like enabling royalties for the original creator of an NFT, and 
offering protection for buyers. To actually purchase an NFT, a buyer needs a wallet. There are many kinds of wallets, both custodial and noncustodial, each with 
pros and cons. Metamask, for example, is a noncustodial, browser-based wallet that’s currently the most popular to use with OpenSea, a popular NFT 
marketplace. With the rising popularity of NFTs and marketplaces, buyers should look into which wallet fits their needs best for security, ease of use, and 
compatibility with their marketplace of choice. Wallets enable new capabilities for brands and users to interact. A few new possibilities include: New identity: 
Users may connect to a site and then provide access to any relevant information they want to share with the company for personalization. This provides a key to 
access the data, rather than sharing it. New experiences: In the near future, users may be able to have a wide range of assets in their wallets, essentially creating 
virtual versions of themselves. These 3D representations will allow them to try clothes on in real time and see the fit on their virtual selves. New ways to sign in: 
In the future, users may use NFTs on sites rather than passwords. Held in wallets, the NFTs will grant access without the need to remember passwords or have 
personal information stored in a brand’s network. Now that you’ve learned about blockchain, crypto, and NFTs, let’s explore how all of these technologies can 
come together in the metaverse to create distinct digital experiences made possible through the engagement and participation of the evolving Web3 community. 
Resources Article: Bye-Bye, Miners! How Ethereum’s Big Change Will Work Article: Cryptography Definition PDF: Blockchain Technology Overview Podcast: 
NFT Hype Podcast: NFT Now Podcast: Unchained Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/web3-the- 
future-of-the-internet/db0a368cedfa1c162cfcdd67658a959c_badge.png Web3: The Future of the Internet 100% Progress: 100% View more modules Skip to main 
content Web3: The Future of the Internet Build Community in Web3 Time Estimate About 5 mins Topics Learning Objectives Where Worlds Collide: The 
Metaverse Community Comes First Decentralized Autonomous Organizations Decentralized Apps (dApps) Bringing It All Together Resources Challenge +50 
points Get help with this badge Provide feedback for this badge Build Community in Web3 Learning Objectives After completing this unit, you’ll be able to: 
Describe and define the metaverse. Describe main components of the Web3 community. Explain the utility of DAOs and dApps in building community Where 
Worlds Collide: The Metaverse As we’ve discussed, we’re in the early days of a new version of the internet called Web3. It’s being built on trusted, decentralized 
technology accessible to all. Platforms, apps, and data won't belong to large platforms—they’Il belong to users. Some people are calling this new internet the 
metaverse. The metaverse is a new reality that reimagines how we interact with the world around us. Playing Fortnite or roaming around Roblox are great 
examples of Web2 metaverses, the difference is that the Web3 metaverse is backed by the chain. The terms metaverse and Web3 have been used 
interchangeably, but they have inherent differences. According to Oxford Languages, the metaverse is “a virtual-reality space in which users can interact with a 
computer-generated environment and other users.” Users will only be able to jump between digital worlds with ownership of their assets intact if the metaverse 
is operating on a decentralized platform. Web3 enables a more equitable metaverse, allowing for true ownership (and interoperability) across many 
metaverses/gamescapes and virtual realities. For example, a sword bought for one game could now be used in another. The metaverse is where the Web3 
community comes together to connect, learn, game, and engage with people around the world. Community Comes First Community and collaboration is central 
to Web3, providing a foundation that improves the likelihood of success and maintains relevance of a project, idea, event, and so forth. The strength of an online 
community’s network is not only determined by how many people make up the community, but also the participants’ engagement on social media and 
community discussion forums. The decentralized nature of blockchain emphasizes the importance of community as a pillar of the next generation of internet. So 
where are these communities if everything is decentralized? The short answer is, they’re everywhere around the world. They’re communicating via messaging 
platforms and social media, and organizing live events to attend together. Having tremendous reach and engagement across Discord, Twitter, and Telegram, 
these communities of diverse individuals are able to have a real impact. Since the foundation of these communities are messaging based, users are more 
engaged with content on the platform and have deeper connection to the people and content. They’re participants rather than simply users. One way 
communities come together in Web3 is through DAOs and dApps. Keep reading to learn about these two functions of Web3. Decentralized Autonomous 
Organizations A decentralized autonomous organization (DAO) is a group or collective made up of individuals who organize around a common purpose. They’re 
managed by smart contracts, powered by tokens, have a shared treasury, and are governed by community voting. Examples range from the development of 
open-source software to a crowd-sourced attempt at purchasing the US Constitution. DAOs are to Web3 what open-source projects are to Web1. DAOs are made 
up of people who share common goals and objectives, visions, and values. These groups unite to produce products or deliver services, and 
members/contributors are rewarded for their contributions to the collective. DAOs represent a framework for community and shared responsibility—what 
companies represent in the context of Web2. This framework might very well function as the underpinning for the future of work (the next era of the gig 
economy). Decentralized Apps (dApps) Next, we have decentralized apps (dApps), which are applications (software), built on a decentralized network 
(blockchain), which combine a smart contract and a front-end (UI). dApps use the same front end as Web2 apps, but rely on blockchain technology rather than 
centralized servers or other centralized databases. Web2 applications like Instagram or Twitter differ from Web3 applications in that they’re owned/operated by 
centralized authorities (for example, companies like Meta). In the case of Web3 applications, no central authority or governing body has absolute control or 
governance rights when it comes to data recorded on/by the network. Instead, the data is verified by a decentralized peer-to-peer (P2P) network of computers. In 
the future, we can expect that media, gaming, and finance industries will see a significant shift toward dApps, as they provide greater ownership for creators, 
enable play-to-earn, and create faster and more secure transactions. Bringing It All Together Each of these technologies—blockchain, cryptocurrencies, 
metaverses, DAOs, dApps—are paving the way for significant changes in our personal and work lives. But it’s the combination of these technologies that 
provides the foundation for Web3. We can easily imagine a bright and shiny future powered by the increasing use cases and applications of blockchain 
technologies, but if we’re not careful, these can be a destabilizing force for society. The same way that the two previous internet revolutions had positive and 
negative impacts, new technologies in Web3 carry potentially negative repercussions. Putting the control in the wrong hands can alter our future in undesirable 
ways if the goals are not aligned with the common good. It’s a new era. Governments, business leaders, the scientific community, and citizens need to work 
together to define the paths, lead with values, and direct the technologies of Web3 to create sustainable applications and a more equitable, diverse, and inclusive 
society. Read on to learn more about approaching Web3 with ethics, trust, and safety at the forefront. Resources Salesforce Blog: NFTs, the Metaverse, and 
Digital HQs—Salesforce Execs Share 2022 Predictions Quiz Complete! +50 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/web3- 
the-future-of-the-internet/db0a368cedfa1c162cfcdd67658a959c_badge.png Web3: The Future of the Internet 100% Progress: 100% View more modules Skip to 
main content Web3: The Future of the Internet Learn About Trust and Safety in Web3 Time Estimate About 10 mins Topics Learning Objectives Background The 
Challenges of an Emerging Web3 Landscape The Early Days of Regulation Safety and Security in Web3 Ways to Protect Yourself Best Practices Conclusion 
Resources Challenge +25 points Get help with this badge Provide feedback for this badge Learn About Trust and Safety in Web3 Learning Objectives After 
completing this unit, you’ll be able to: Articulate the ethical principles for Salesforce’s Web3 product innovation. Identify potential downsides and risks in Web3. 
Identify strategies and best practices for keeping safe and secure in the Web3 space. Background Blockchain, cryptocurrency, and NFTs are driving innovation 
and commerce at scale. As with any early stage technology, potential outcomes can be unknown. Which is why it’s critical for those innovating in this space to do 
so in a responsible, ethical way. If we want Web3 to improve the lives of everyone within the ecosystem, not just a handful of people at the top, we need to design 
it in a values-led way. Principles-Led Product Innovation At Salesforce, we believe that products in the Web3 space should be created with these principles in 
mind. Trust and Security. We will embed best-in-class brand and consumer protections, identifying—and preventing the use of the product for—fraud, force, or 
fear. Sustainability. We commit to quantify, disclose, minimize, and neutralize environmental impacts resulting in net zero emissions while driving increased 
sustainability in the sector more broadly. Equality. We will provide guidance and guardrails to ensure fairness, diversity, and empowerment of customers and 
consumers. Accountability. We will empower the end-user with explainable governance and engage stakeholders in ongoing evaluation. Integrity and 
Transparency. We commit to share clear, precise communication about the product and create trusted experiences and marketplaces where safety is top of mind. 
We believe that by leading with our values, we can help guide this new space in a positive direction. The Challenges of an Emerging Web3 Landscape While there 
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is much to be excited about when it comes to Web3, there’s also reason to proceed with a degree of caution as the space grows and matures. Here are some of 
the known and potential risks within the ecosystem. Speculative Bubbles The Dutch tulip mania from 1634 to 1637 is the classic example of a significant 
difference between the financial vaiue of an asset and its intrinsic value. it created a speculative bubbie, which Saw the price of tulips reach incredibly high ieveis. 
There have been many such bubbles since, and some claim that Web3 is in such a moment. Price Volatility Assets in Web3 are susceptible to price volatility, 
since Bitcoin and other cryptocurrencies can be argued to have no intrinsic value. And unlike other traditional currencies, they aren’t backed by a government or 
central bank. As a result, their price is driven only by supply and demand. As their value increases, this success may attract new investors, sending prices 
upward. On the flip side, a negative event or even a tweet can drive prices downward. Lack of Diversity NFTs sit at the intersection of two historically white and 
male dominated industries: visual art and crypto. The bulk of NFT sales—roughly 77%—are flowing to male creators while only 5% of sales go to female artists. 
Similarly, it’s posited that the average NFT purchaser is a 38-year-old male who makes over $100,000/year. This poses an issue for promoting equality and 
inclusion. If most of the NFT community is male and white, there is market pressure to create NFTs that mirror this population and create barriers to entry for 
nonwhite, nonmale folks to get involved in the space. Lack of Privacy One of the benefits of cryptocurrency is it allows for anonymity. Connecting one’s identity 
to a wallet is optional, and many people prefer to keep their cryptocurrency wallet address private for good reason. Imagine if, when you sent digital payment to a 
lunch partner for your half of the meal, they could now see every other transaction you’d ever made—and not just on that platform, but the ones you made with 
your credit card, bank transfer, or other apps, and with no option to set the visibility of the transfers to “private.” Immutability Another feature of blockchains is 
their immutability: Once data is written to the blockchain, it’s there forever. While this has many useful applications, such as for storing transaction records, it 
can be a challenge for user-created data, particularly when considering online abuse and harassment. If someone stores harmful, inflammatory or hateful 
material on a blockchain, it cannot be removed. The platforms might be petitioned to hide the content, but the offensive content would still remain on the chain. 
Lack of Third-Party Protection Third-party intermediaries, like banks or credit unions, play a critical role in safeguarding customers’ interests. Banks, for 
example, have ways of detecting activity by malicious actors, and consumers can challenge fraudulent transactions on their credit cards. When transactions take 
place without a third party, customers have no one to whom they can appeal for help. For example, if someone loses their private key—which functions like a 
password—then owners can no longer access their wallets, with no recourse. In January 2021, The New York Times reported that $140 billion worth of bitcoin is 
locked in wallets whose private keys have been lost or forgotten. The Early Days of Regulation Today, cryptocurrencies and NFTs are largely exempt from legal 
and financial regulation, which means there is little or no protection for those who create, invest, or trade in them. For example: Data Hosting and Storage: An 
NFT and the digital asset it represents are usually stored separately. The NFT is stored on the blockchain and contains information about where the digital asset 
is located, but the NFT could be deleted or the server hosting it could fail or be hacked. This would make the NFT worth little or nothing—and the law has not yet 
addressed what rights the NFT owner would have in such a situation. Data Protection: NFTs may contain personal information that is subject to data protection 
laws. Some of these laws—like GDPR (the EU’s General Data Protection Regulation)—allow individuals to erase or amend their personal data. However, NFTs are 
linked to the blockchain, where that is impossible (immutability!). These issues of security and data sharing for NFTs have so far received little consideration. 
Intellectual Property Rights: The buyer of an NFT may erroneously think they own the actual art associated with the NFT. In reality, the only person with the right 
to copy, distribute, alter, or publicly display the art is its original creator. There is the possibility that a disgruntled NFT buyer may bring legal action if they feel 
that there was misrepresentation when they were sold the NFT, as they believed they were buying the copyright. Taxation: The US and other nations have little or 
no legislation in this regard, nor any official advice relating to NFTs and tax. While it can be expected that profits and losses relating to NFTs would be liable for 
capital gains tax, and that the NFTs themselves would be considered assets for the purposes of other taxes—including inheritance tax—the official position has 
yet to be confirmed. Safety and Security in Web3 Beyond the dynamics noted, there are a number of scams and frauds that are perpetrated in the NFT space, and 
it’s useful to be able to recognize and avoid them. Here are the six most common. Type Description Rug pull The originators of a crypto project take the capital 
raised from a token sale and disappear. Pump and dump A particular crypto asset is hyped, leading to a short-term spike in the asset’s price as buy orders flood 
in. The instigators then sell off their holdings, triggering a crash, with other investors left “holding the bag.” Wash trading The price of a crypto asset is artificially 
inflated by repeatedly trading it between wallets controlled by the same individual or group. Ponzi scheme Capital from later investors in a crypto asset is used to 
pay returns to earlier investors. Hacking Protocols or wallets are hacked and owners’ crypto assets stolen. Phishing Attackers use social engineering techniques 
to trick a target into revealing information that can be used to gain access to their crypto assets. Ways to Protect Yourself How to Spot a Scam As a user, the first 
step of prevention is to keep your eyes peeled for potential signs of scams. Here’s how to recognize some common, dubious tactics. Phishing: Users get a 
seemingly legitimate email from a platform or exchange they frequently use, with a malicious link embedded that lures them to make a transaction. Or it may 
even inject malware that scans for seed phrases stored in laptops. Hacking: Hackers sometimes airdrop malicious NFTs to user accounts as a Trojan Horse. 
Interacting with these malicious NFT airdrops prompt the user to sign a message that allows hackers to gain access and drain the account. FOMO: A cool new 
project comes up with a timer counting down on the purchase page, inducing serious FOMO (fear of missing out). When the user signs the transaction and 
makes that purchase, hackers obtain access to their wallets. Unknown to the user, the purchase page was linked to a scam URL. Protect Your Seed Phrase and 
Secure Your Device A seed phrase is a group of words that are used to restore a crypto wallet. A seed phrase looks like this: rebuild-glow-language-lady- 
mushroom-poverty-episode-slow-meat-analyst-knee-output-oblige-couch-tilt It’s very important to keep this phrase private and secure, since anyone with your 
seed phrase can use it to take over your wallet. This is where hackers come in and use various methods, including social engineering, to try and steal your seed 
phrase. One form of this is a scam where they pretend to be support staff from a marketplace or crypto business and ask for your details like your seed phrase 
or Metamask recovery QR code. Even experienced crypto-natives have fallen for these types of scams. Whenever someone asks you for this information, it 
should immediately set off alarm bells in your head. Whatever type of wallet you use, take caution and practice a security-conscious approach to keeping your 
device and browser clear of any potential malware. This includes doing due diligence on websites you interact with, keeping your software up-to-date with 
security patches, and ignoring emails, links, or DMs from strangers. Best Practices Now that you’re aware of potential risks, let’s discuss how to mitigate them! 
Here are our overall best practices for staying safe in the new Web3 reality. Always visit the original website—a trusted, first-party marketplace—for any sale or 
offer. Only download applications and software from the originating source. If you’re using them, disable direct messages on Telegram and Discord from people 
who are not on your friends list. Never click any link sent to you from an unverified source without properly checking it. Never send your seed phrase to anyone. 
Never open an email link that looks suspicious. Never install any file with a “.exe” or “.scr” extension sent to you by an unknown sender. Never fill your wallet 
password and seed phrase into any form that you are not sure of. Store your cryptocurrency in a cold wallet or have multiple wallets (separating your daily use 
wallet from the wallet where you keep the bulk of your funds). Generate your keys securely—on a newly reset, offline device if possible. Keep your device, such 
as mobile phone or desktop, clear of malware and update frequently to the latest security patch. Make sure you interact only with audited smart contracts. 
Disconnect your wallet after every transaction. Be vigilant—always double-check your transactions, recipient addresses, and browser URL. Use common sense 
and trust your intuition—if something seems too good to be true, well, it just might be. Conclusion As a company, Salesforce is deeply committed to creating 
technology with ethics and inclusion built-in—not bolted on. Our Office of Ethical and Humane Use actively partners with our product and engineering teams to 
approach product development with intention, identifying risks and innovating new solutions with our values at the core. The potential risks should not stop you 
from exploring and interacting with crypto and NFTs. There’s a world of opportunity out there, but just remember to take the necessary steps to protect yourself 
and proceed with caution. Resources Podcast: Crypto Security and the New Web3 Mindsets for Users Podcast: Reply All: The Rainbow Chain Quiz Complete! 
+25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/web3-the-future-of-the- 
internet/db0a368cedfa1c162cfcdd67658a959c_badge.png Web3: The Future of the Internet 100% Progress: 100% View more modules Skip to main content Data 
Privacy Learn Data Privacy Laws and Regulations Time Estimate About 10 mins Topics Learning Objectives Privacy Introduction Why Privacy Matters Privacy 
Terminology Privacy Laws Customer Contracts and Service Level Agreements International Privacy Certifications and Standards Privacy Policies Sum It Up 
Resources Challenge +50 points Get help with this badge Provide feedback for this badge Learn Data Privacy Laws and Regulations Learning Objectives After 
completing this unit, you’ll be able to: Explain the importance of data privacy. Describe how privacy laws apply to your organization. Outline customer 
expectations regarding privacy. Privacy Introduction As a security professional, it’s important to stay informed of the latest privacy laws that apply to your 
organization, especially if your organization handles customers’ personal data. Why is this so important? Ensuring your customer and employee data is 
protected is paramount to establishing and maintaining trust. In this module we’re going to review the tools for implementing an effective privacy program. If 
your organization stores and processes customer data, your customers trust you to protect, use, and process their data securely, in accordance with applicable 
laws. This data can include personal data such as contact, healthcare, or financial information, or business-related information such as expenditures, marketing, 
or analytics data. Regardless of what type of data you process or store, it’s important to keep it safe. In addition to processing or storing customer data, your 
organization is accountable for its own data, including knowledge about prospective customers, employee information, financial data, and more. So how do you 
ensure this data is protected? For starters, you should be aware of and follow applicable privacy laws. We get into the details of these privacy laws here. To 
document compliance with applicable privacy laws and protect yourself and your customers, it’s a good idea to have agreements in place when you’re collecting 
customer data. These agreements should detail how your organization will keep customer data secure and confidential. As an example, most international 
airlines are required to attest on their public websites to how they protect a customer’s privacy, what data they collect, and why and how it’s collected, used, 
assessed, safeguarded, and stored. Why Privacy Matters Let’s step back for a moment and review the concept of privacy and what it means. Privacy relates to 
how a piece of information—or data— should be managed and protected based on its relative importance. Data privacy has become a hot topic lately due to 
lapses in security and concerns about how companies are using the customer data they collect. Data privacy concerns are particularly important for companies 
in certain sectors such as finance and healthcare. These sectors contain sensitive information and are typically highly regulated. They also are increasingly 
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targeted by cyberattacks, which if successful may result in not only loss of this data, but also loss of confidence by consumers. Let’s look at an example. When 
you apply for a credit card, you’re typically required to provide your legal name, birthdate, address, government-issued identification number, and annual 
income. Thai’s a iot of information! Not oniy is this information used to verify your identity, but it aiso aliows the credit card company to check your credit history. 
This information is considered your personal data, and the credit card company is required to put security measures in place to protect it. In this example, 
privacy means that the credit card company is responsible for protecting your personal information against unauthorized disclosure, that they’re transparent 
about how they use your personal data, that they use the data in accordance with applicable laws, and that you agree to the use of your data for a certain 
purpose. A laptop shows a person applying for a credit card online, with a file folder filled with dollar signs, and credit cards, overlain by a shield. Privacy 
Terminology Before we dive deeper into privacy laws, let’s review some basic definitions. Customer data: The information a customer provides while interacting 
with a business whether via a website, mobile application, social media, and more. Data subject: An individual whose personal data is collected, held, or 
processed. Personal data: The data that is directly attributable to a data subject and can identify an individual such as a name, home address, or personal 
identifier (for example, passport number). Sensitive personal data: Some types of personal data are considered sensitive and are subject to stricter regulation. 
This may include data about race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data 
concerning health, or data concerning a person's sex life or sexual orientation. Processing: Any operation or set of operations on data (for example, access, 
collection, recording, retrieval, copying, storage, disclosure, dissemination, and so on). Controller: An individual or entity that determines the purposes and 
means of processing personal data. Processor: An individual or entity that processes personal data on behalf of a controller. Custodian (or handler): The 
individual responsible for the safe custody, transport, and storage of the data, and implementation of business rules. Data Protection Authority (DPA): National 
authorities tasked with the protection of data and privacy as well as monitoring and enforcement of the data protection regulations within the Union. Your 
organization can act as both a processor and a controller, depending on the situation and the data involved. It’s helpful to think of the roles of processor and 
controller in relation to the allocation of responsibilities between parties. Your customers can be both controllers and processors. However, your organization 
always acts as a processor when a customer submits data to you and as controller when you determine the means and purposes of processing the data. Privacy 
Laws Depending on where your organization operates, you may need to adhere to location-specific privacy laws. If your organization operates globally, it’s 
important to implement policy requirements applicable to the country of operation. For example, if your organization operates in Japan, you are subject to the Act 
on the Protection of Personal Information. Privacy laws exist to protect individuals with respect to their personal data. They also regulate how personal data can 
and cannot be used. Let’s take a closer look at what privacy laws address. Whether personal data can be collected and processed What and how information 
should be provided around data processing practices Who can access and use the personal data How personal data can be processed How the data should be 
secured When to delete or amend the data Who is allowed to transport or have custody of the data Where and how personal data can be transferred to other 
countries How security incidents are handled What rights data subjects have regarding their personal data Globally, there are two types of privacy laws: 
comprehensive (applicable to all industries and sectors) and sectoral (applicable to specific industries or sectors). In the US, the federal government has 
historically taken a sectoral approach. For example, there’s the Health Insurance Portability and Accountability Act (HIPAA), which is the US healthcare privacy 
law protecting data that reveals the health status of an individual (called protected health information or PHI). The only US national privacy law that exists is the 
Children’s Online Privacy Protection Act (COPPA), which regulates how online companies can collect and use data on children under the age of 13. In the 
absence of a comprehensive national privacy law, several states have taken the initiative to enact their own privacy legislation, including: California - California 
Privacy Rights Act (CPRA) Virginia - Virginia Consumer Data Protection Act (VCDPA) Connecticut - Connecticut Data Privacy Act (CTDPA) Utah - Utah Consumer 
Privacy Act (UCPA) Colorado - Colorado Privacy Act (CPA) These states have either recently passed their own privacy legislation or are in the process of 
legislation. And many more states are considering doing the same. By passing their own privacy laws, these states provide their own protection for their 
constituents. In contrast, the European Union (EU) and the European Economic Area (EEA) take a more comprehensive approach through the General Data 
Protection Regulation (GDPR). GDPR is the EU’s and EEA’s privacy legislation and applies to all controllers and processors, irrespective of their industry or 
sector. However, there are also some sector-specific laws in Europe, such as for the telecoms sector. While not an exhaustive list, several other countries across 
the globe—including Japan, Australia, China, Canada, Brazil, Argentina, India, South Africa, and more—operate their own privacy laws, or are working on drafting 
them. Even though each country may have their own law, most privacy laws across the globe are based on the same core principles. Fairness and Transparency 
Purpose Limitation Data Minimization Accuracy Data Deletion and Retention Security Accountability Individual Rights International Transfers Data Privacy 
Impact Assessments We take a closer look at these principles in the next unit. Customer Contracts and Service Level Agreements In addition to complying with 
privacy laws, organizations include privacy commitments in customer contracts or service level agreements (SLAs). These commitments detail ways your 
organization can use personal data, including those required by applicable law. International Privacy Certifications and Standards In addition to privacy laws, 
your organization may also be required to comply with certain certifications and standards that impose comprehensive privacy requirements. These 
certifications and standards vary by industry, but may include: International Organization for Standardization and International Electrotechnical Commission 
(ISO/IEC) 27001/27018, which provide requirements for information security management systems and for protecting personally identifiable information (PII) in 
public clouds acting as Pll processors Service Organization Control (SOC) reports, which help companies establish trust and confidence in their service delivery 
processes and controls TRUSTe certification, which enables organizations to demonstrate responsible practices consistent with standards for privacy 
accountability International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 27701, which is an extension to ISO/IEC 
27001 and ISO/IEC 27002 for privacy information management. It provides guidelines for the processing of Pll and helps organizations establish, implement, 
maintain, and continually improve their Privacy Information Management System (PIMS). Privacy Policies Your organization should abide by the commitments 
made to customers when you collect personal data from individuals. Also, your organization should maintain a privacy statement on your public website that 
describes the types of data you collect from users of your websites, and how you use and share that data. The commitments you make in that privacy statement 
should be similar to the ones you make in the contracts you sign with your customers. The same is true for internal privacy policies and employee notices that 
detail how you collect, use, share, and process employee data. Sum It Up You now have a better understanding of privacy concepts, laws, and customer 
expectations. In the next unit, we cover privacy principles and how you can apply them to protect your organization. Resources Trailhead: European Union 
Privacy Law Basics Trailhead: California Consumer Privacy Act Basics External Site: Text of EU’s GDPR PDF: Text of HIPAA External Site: EU: Who does the 
data protection law apply to PDF: EU: The GDPR: new opportunities, new obligations External Site: World Bank Group: Data protection and privacy laws External 
Site: Reuters: U.S. Data Privacy Laws to Enter New Era in 2023 External Site: NIST: Privacy Framework Quiz Complete! +50 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/data-privacy/930dfb4ad10160a9eb0ec33de5b127b0_badge.png Data Privacy 100% 
Progress: 100% View more modules Skip to main content Data Privacy Learn Data Privacy Laws and Regulations Time Estimate About 10 mins Topics Learning 
Objectives Privacy Introduction Why Privacy Matters Privacy Terminology Privacy Laws Customer Contracts and Service Level Agreements International 
Privacy Certifications and Standards Privacy Policies Sum It Up Resources Challenge +50 points Get help with this badge Provide feedback for this badge Learn 
Data Privacy Laws and Regulations Learning Objectives After completing this unit, you'll be able to: Explain the importance of data privacy. Describe how privacy 
laws apply to your organization. Outline customer expectations regarding privacy. Privacy Introduction As a security professional, it’s important to stay informed 
of the latest privacy laws that apply to your organization, especially if your organization handles customers’ personal data. Why is this so important? Ensuring 
your customer and employee data is protected is paramount to establishing and maintaining trust. In this module we’re going to review the tools for 
implementing an effective privacy program. If your organization stores and processes customer data, your customers trust you to protect, use, and process their 
data securely, in accordance with applicable laws. This data can include personal data such as contact, healthcare, or financial information, or business-related 
information such as expenditures, marketing, or analytics data. Regardless of what type of data you process or store, it’s important to keep it safe. In addition to 
processing or storing customer data, your organization is accountable for its own data, including knowledge about prospective customers, employee 
information, financial data, and more. So how do you ensure this data is protected? For starters, you should be aware of and follow applicable privacy laws. We 
get into the details of these privacy laws here. To document compliance with applicable privacy laws and protect yourself and your customers, it’s a good idea to 
have agreements in place when you’re collecting customer data. These agreements should detail how your organization will keep customer data secure and 
confidential. As an example, most international airlines are required to attest on their public websites to how they protect a customer’s privacy, what data they 
collect, and why and how it’s collected, used, assessed, safeguarded, and stored. Why Privacy Matters Let’s step back for a moment and review the concept of 
privacy and what it means. Privacy relates to how a piece of information—or data— should be managed and protected based on its relative importance. Data 
privacy has become a hot topic lately due to lapses in security and concerns about how companies are using the customer data they collect. Data privacy 
concerns are particularly important for companies in certain sectors such as finance and healthcare. These sectors contain sensitive information and are 
typically highly regulated. They also are increasingly targeted by cyberattacks, which if successful may result in not only loss of this data, but also loss of 
confidence by consumers. Let’s look at an example. When you apply for a credit card, you’re typically required to provide your legal name, birthdate, address, 
government-issued identification number, and annual income. That’s a lot of information! Not only is this information used to verify your identity, but it also 
allows the credit card company to check your credit history. This information is considered your personal data, and the credit card company is required to put 
security measures in place to protect it. In this example, privacy means that the credit card company is responsible for protecting your personal information 
against unauthorized disclosure, that they’re transparent about how they use your personal data, that they use the data in accordance with applicable laws, and 
that you agree to the use of your data for a certain purpose. A laptop shows a person applying for a credit card online, with a file folder filled with dollar signs, 
and credit cards, overlain by a shield. Privacy Terminology Before we dive deeper into privacy laws, let’s review some basic definitions. Customer data: The 
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information a customer provides while interacting with a business whether via a website, mobile application, social media, and more. Data subject: An individual 
whose personal data is collected, held, or processed. Personal data: The data that is directly attributable to a data subject and can identify an individual such as a 
name, home address, or personai identifier (for exampie, passport number). Sensitive personai data: Some types of personai data are considered sensitive and 


are subject to stricter regulation. This may include data about race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, 
genetic data, biometric data, data concerning health, or data concerning a person's sex life or sexual orientation. Processing: Any operation or set of operations 
on data (for example, access, collection, recording, retrieval, copying, storage, disclosure, dissemination, and so on). Controller: An individual or entity that 
determines the purposes and means of processing personal data. Processor: An individual or entity that processes personal data on behalf of a controller. 
Custodian (or handler): The individual responsible for the safe custody, transport, and storage of the data, and implementation of business rules. Data Protection 
Authority (DPA): National authorities tasked with the protection of data and privacy as well as monitoring and enforcement of the data protection regulations 
within the Union. Your organization can act as both a processor and a controller, depending on the situation and the data involved. It’s helpful to think of the roles 
of processor and controller in relation to the allocation of responsibilities between parties. Your customers can be both controllers and processors. However, 
your organization always acts as a processor when a customer submits data to you and as controller when you determine the means and purposes of 
processing the data. Privacy Laws Depending on where your organization operates, you may need to adhere to location-specific privacy laws. If your 
organization operates globally, it’s important to implement policy requirements applicable to the country of operation. For example, if your organization operates 
in Japan, you are subject to the Act on the Protection of Personal Information. Privacy laws exist to protect individuals with respect to their personal data. They 
also regulate how personal data can and cannot be used. Let’s take a closer look at what privacy laws address. Whether personal data can be collected and 
processed What and how information should be provided around data processing practices Who can access and use the personal data How personal data can be 
processed How the data should be secured When to delete or amend the data Who is allowed to transport or have custody of the data Where and how personal 
data can be transferred to other countries How security incidents are handled What rights data subjects have regarding their personal data Globally, there are 
two types of privacy laws: comprehensive (applicable to all industries and sectors) and sectoral (applicable to specific industries or sectors). In the US, the 
federal government has historically taken a sectoral approach. For example, there’s the Health Insurance Portability and Accountability Act (HIPAA), which is the 
US healthcare privacy law protecting data that reveals the health status of an individual (called protected health information or PHI). The only US national privacy 
law that exists is the Children’s Online Privacy Protection Act (COPPA), which regulates how online companies can collect and use data on children under the 
age of 13. In the absence of a comprehensive national privacy law, several states have taken the initiative to enact their own privacy legislation, including: 
California - California Privacy Rights Act (CPRA) Virginia - Virginia Consumer Data Protection Act (VCDPA) Connecticut - Connecticut Data Privacy Act (CTDPA) 
Utah - Utah Consumer Privacy Act (UCPA) Colorado - Colorado Privacy Act (CPA) These states have either recently passed their own privacy legislation or are in 
the process of legislation. And many more states are considering doing the same. By passing their own privacy laws, these states provide their own protection 
for their constituents. In contrast, the European Union (EU) and the European Economic Area (EEA) take a more comprehensive approach through the General 
Data Protection Regulation (GDPR). GDPR is the EU’s and EEA’s privacy legislation and applies to all controllers and processors, irrespective of their industry or 
sector. However, there are also some sector-specific laws in Europe, such as for the telecoms sector. While not an exhaustive list, several other countries across 
the globe—including Japan, Australia, China, Canada, Brazil, Argentina, India, South Africa, and more—operate their own privacy laws, or are working on drafting 
them. Even though each country may have their own law, most privacy laws across the globe are based on the same core principles. Fairness and Transparency 
Purpose Limitation Data Minimization Accuracy Data Deletion and Retention Security Accountability Individual Rights International Transfers Data Privacy 
Impact Assessments We take a closer look at these principles in the next unit. Customer Contracts and Service Level Agreements In addition to complying with 
privacy laws, organizations include privacy commitments in customer contracts or service level agreements (SLAs). These commitments detail ways your 
organization can use personal data, including those required by applicable law. International Privacy Certifications and Standards In addition to privacy laws, 
your organization may also be required to comply with certain certifications and standards that impose comprehensive privacy requirements. These 
certifications and standards vary by industry, but may include: International Organization for Standardization and International Electrotechnical Commission 
(ISO/IEC) 27001/27018, which provide requirements for information security management systems and for protecting personally identifiable information (PII) in 
public clouds acting as Pll processors Service Organization Control (SOC) reports, which help companies establish trust and confidence in their service delivery 
processes and controls TRUSTe certification, which enables organizations to demonstrate responsible practices consistent with standards for privacy 
accountability International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 27701, which is an extension to ISO/IEC 
27001 and ISO/IEC 27002 for privacy information management. It provides guidelines for the processing of Pll and helps organizations establish, implement, 
maintain, and continually improve their Privacy Information Management System (PIMS). Privacy Policies Your organization should abide by the commitments 
made to customers when you collect personal data from individuals. Also, your organization should maintain a privacy statement on your public website that 
describes the types of data you collect from users of your websites, and how you use and share that data. The commitments you make in that privacy statement 
should be similar to the ones you make in the contracts you sign with your customers. The same is true for internal privacy policies and employee notices that 
detail how you collect, use, share, and process employee data. Sum It Up You now have a better understanding of privacy concepts, laws, and customer 
expectations. In the next unit, we cover privacy principles and how you can apply them to protect your organization. Resources Trailhead: European Union 
Privacy Law Basics Trailhead: California Consumer Privacy Act Basics External Site: Text of EU’s GDPR PDF: Text of HIPAA External Site: EU: Who does the 
data protection law apply to PDF: EU: The GDPR: new opportunities, new obligations External Site: World Bank Group: Data protection and privacy laws External 
Site: Reuters: U.S. Data Privacy Laws to Enter New Era in 2023 External Site: NIST: Privacy Framework Quiz Complete! +50 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/data-privacy/930dfb4ad10160a9eb0ec33de5b127b0_badge.png Data Privacy 100% 
Progress: 100% View more modules Skip to main content Data Privacy Apply Data Privacy Principles Time Estimate About 10 mins Topics Learning Objectives 
Privacy Principles Sum It Up Resources Challenge +25 points Get help with this badge Provide feedback for this badge Apply Data Privacy Principles Learning 
Objectives After completing this unit, you’ll be able to: List 10 key privacy principles. Explain how the principles can be implemented in your organization. 
Privacy Principles Now that you have a good understanding of data privacy basics, let’s dive into some principles and how they apply to your organization. 
Although legal requirements vary globally, there are some common principles that provide the foundation for many privacy laws. Let’s delve into these principles 
which we introduced in the previous unit. Fairness and Transparency Organizations should process personal data lawfully, fairly, and in a transparent way. Your 
organization may implement this principle by processing personal data in accordance with applicable laws and the privacy commitments or service level 
agreements (SLAs) made to your customers and end users. As aforementioned, it’s also a good idea to publish a privacy statement on your website detailing 
what personal data is collected in your capacity as a data controller and why, including information collected through cookies and analytics. In your privacy 
statement, it’s important to indicate the information types that you will not collect. Ultimately, no matter how you receive privacy data, you should obtain consent 
before processing it. Purpose Limitation Organizations should process personal data only for specified, explicit, and legitimate purposes. At your organization, 
this means that anytime you collect personal data, you clearly communicate and are specific about how the data will be used. In most cases, if you want to use 
the data for something other than what was communicated, you must present a valid legal reason and seek permission before processing it. Data Minimization 
Organizations should only collect the minimum amount of data necessary for the processing purpose in question. Your organization shouldn’t collect personal 
data unless it’s necessary to perform your offered services. Under the General Data Protection Regulation (GDPR), personal data shall be “adequate, relevant 
and limited to what is necessary in relation to the purposes for which they are processed,” while the Healthcare Insurance Portability and Accountability Act 
(HIPAA) calls this the “minimum necessary” rule. So, how does data minimization work? Let’s say you’re building an internal mobile app for your organization’s 
complimentary shuttle bus offered to employees. The data the app needs to collect and process includes employee personal data such as their home and office 
addresses, and other basic information (that is, name and phone number). However, the app doesn’t need an employee’s date of birth, ethnicity, or health or 
financial information. Since this additional information isn’t required, you shouldn’t collect it. Accuracy Personal data should be kept accurate and up to date. As 
a service provider to your customers, your organization needs to make sure your systems contain accurate records and reflect customer changes to data when 
they occur. Any data that’s considered inaccurate must have mechanisms to immediately erase or correct it. Data Deletion and Retention Organizations should 
only store personal data for as long as it’s required and for the originally intended purpose. Your organization shouldn’t keep data for an indefinite period even if 
it may be used in the future. Clear time frames should be established for when data is deleted with rationale for why the data is retained for that length of time. 
For example, you may need to retain security log files for certain periods of time to identify and track malicious adversary behaviors. However, the period still 
must remain finite, with supporting rationale. You should also be aware of data retention laws for specific types of data, such as legal documents, within the 
country where your organization provides that service. Security Organizations should use appropriate technical and organizational security measures to protect 
personal data against unauthorized processing, accidental disclosure, loss, destruction, and alteration. Your organization needs to ensure that security systems 
adequately protect data. You can also help protect and secure the data you store through privacy enhancing techniques. Let’s discuss a few. Data segregation is 
the division of data into various data categories for the purposes of dividing or restricting access to different classes of data. Using this technique allows your 
organization to create separate access rules for datasets or different groups of users, ensuring that only authorized individuals have access. Encryption is a 
security method where information is scrambled into an unreadable format that can be accessed or decrypted only by a user with the correct key. Encryption 
protects the confidentiality of the data. Pseudonymization replaces the information that can identify a subject with pseudonyms or identifiers. It reduces the 
chance that personal data records and identifiers can identify an individual. Anonymization is the process of protecting private or sensitive information by 
erasing, obfuscating (masking), or encrypting it. It removes all identifiers associated with a person. Other security measures may exist at your organization to 
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support data protection. It’s recommended that all employees with access to computing systems receive privacy training regardless of position, and read and 
acknowledge employee acceptable use policies. Accountability Your organization should create policies and implement processes that demonstrate you’re in 
compiiance with privacy iaws, reguiations, and principies for data privacy. You shouid take measures to advance privacy through design and privacy by defauit. 


Privacy by design: Privacy by design occurs when an organization begins planning for a new or improved process, or activity, or when developing a new 
product, service, or feature. When your organization builds a new product, they should consider privacy policies and principles during the plan and design 
phase. It’s important to include all relevant stakeholders in this planning and design process, and legal teams, to make sure privacy is a priority and that your 
organization is abiding by the law. Privacy by default: Organizations should choose the most privacy-friendly default settings when collecting, processing, or 
storing personal data. For instance, if you were to sign up for an online social network account and plan to use one of its services, they may say they’re 
compliant with the privacy by default principle, requiring just your name and email address to function. However, if the social networking account immediately 
starts sharing your location or any other data outside of name and email address, they’re not adhering to the privacy by default principle. Individual Rights 
Privacy laws also detail a data subject’s rights to their personal data. These rights include: Data subject access request: Data subjects have the right to access a 
copy of any personal data a controller holds about them and receive confirmation that a controller is processing their personal data. They’re also entitled to 
details about the purposes of the processing, the categories being processed, how long the data is stored, and with whom the personal data has been shared. 
Right to object: Data subjects can, in certain cases, object to how their personal data is used. Data correction: Data subjects can request that their personal data 
is corrected or completed if it’s inaccurate or incomplete. Restriction: Data subjects can request that a company stop processing their personal data in limited 
circumstances. Right to deletion: Also known as “the right to be forgotten,” or under GDPR, the right to erasure, this empowers data subjects to request that a 
controller delete their personal data under certain conditions. Because the US is sectoral-based regarding privacy, most US privacy laws don’t have this right. 
One exception is the Children’s Online Privacy Protection Act (COPPA). Data portability: Where applicable to the type of processing, data subjects have the right 
to ask a controller to provide their personal data in an exportable format so they can transmit their data to another controller. Your organization’s obligation as a 
service provider is to assist your customers to manage these requests. As a controller, you’re responsible for complying with data subject requests, and the 
systems you use to manage personal data should accommodate such requests, including access, correction, deletion, and portability. International Transfers 
Certain countries and regions, such as the European Union (EU), restrict the transfer of personal data outside the country or region of origin unless the 
destination has implemented sufficient safeguards to guarantee the data is protected. If your organization operates internationally, you should implement 
measures that ensure you can legally transfer personal data across these boundaries. Globe with arrows going from one country to another, which symbolizes 
international data transfers Data Protection Impact Assessment When your organization collects, stores, or uses personal data, the individuals whose data 
you’re processing are exposed to risks. These risks range from theft with the intent to impersonate an individual, to accidental disclosure. Within GDPR, your 
organization is required to conduct a Data Protection Impact Assessment (DPIA). According to the Commission Nationale de I'Informatique et des Libertés 
(CNIL), a DPIA is designed to assess data likely to result in a high risk to the rights and freedoms of people, and to identify and minimize these risks as early as 
possible. Your organization may want to consider conducting a DPIA before launching data collection or processing activities that pose higher risks to data 
subjects. Sum It Up You now have a better understanding of privacy principles and how to apply them to your organization. In the next unit, you learn about 
customer data and the role that data custodians play to protect it. Resources External Site: CNIL: Privacy Impact Assessment Manual External Site: Forcepoint: 
What Is Data Encryption External Site: Trend Micro: What Is Pseudonymization External Site: Imperva: What Is Data Anonymization Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/data-privacy/930dfb4ad10160a9eb0ec33de5b127b0_badge.png Data Privacy 100% 
Progress: 100% View more modules Skip to main content Data Privacy Get to Know Customer Data and Your Data Custodians Time Estimate About 5 mins 
Topics Learning Objectives Customer Data What Is Not Customer Data Types of Data Custodians Knowledge Check Sum It Up Resources Challenge +25 points 
Get help with this badge Provide feedback for this badge Get to Know Customer Data and Your Data Custodians Learning Objectives After completing this unit, 
you'll be able to: Identify which information is considered customer data. Explain the difference between the two types of data custodians. Summarize what data 
custodians can and cannot do with data. Customer Data The way we define customer data is that it’s the information submitted by or on behalf of a customer 
directly to one of your services. Customer data can take several forms and include the following. Personal data Contact information Account information 
Marketing data Personal Data Personal data involves both personally identifiable information (Pll) and non-Pll. Pll is any information used to recognize or link an 
individual to an identity. It includes items such as first or last name, physical address, protected health information (PHI), location, age, and more. Non-PIl is 
anonymous information that can potentially identify more than one person (IP addresses, device identification, web cookies, and more). Contact Information 
Contact information provides the means to communicate with a person, such as a personal or business phone number or email address. Account Information 
Account information holds critical data about a customer’s user account, including name, order, billing, interaction, and credit information. Marketing Data 
Marketing data is any information that is of benefit to marketing teams, such as competitive intelligence, market research, commercial transactions, customer 
feedback, preferences and interests, and other metrics. A laptop displaying file folders with symbols for different types of customer data, including a dollar sign 
for account information. You should define customer data in your service level agreements (SLAs) to stay in sync with your customers on what is considered 
customer data and what rules apply to it. What Is Not Customer Data Not all data your customers provide to you is considered customer data. For example, 
information your customers share with you via any means outside of your offered services is not customer data. This may include information your customer 
shares with you before they sign up for your services, or information you obtain from publicly available sources or third-party content providers. Types of Data 
Custodians Now that you have a solid understanding of privacy laws, customer commitments, privacy principles, and what’s considered customer data, let’s 
introduce you to data custodians and discuss how they fit into the picture. There are likely two types of data custodians at your organization: personal and 
customer. Personal data custodians are those who access and handle personal data. Some examples of personal data custodians are: Salespeople who have 
access to customers’ and prospective customers’ personal data. Marketing personnel who manage email and digital marketing to individuals. Human resources, 
IT, payroll, security, managers, and other personnel who have access to employee data. Customer data custodians access and handle customer data (which can 
include personal data). These custodians are generally a selected group of employees within your organization who have access to customer data. Typically, 
customer data custodians fall under technical support operations or customer support. While there are some requirements that apply to both personal data 
custodians and customer data custodians, there are typically additional requirements that apply only to customer data custodians. That’s because customer data 
is subject to your customer contracts and SLAs, which may go beyond what privacy laws require. Let’s look at some baseline requirements for data custodians. 
Data Custodian Responsibilities Implement technical controls for safeguarding data confidentiality. Limit, authorize, and control access to personal and customer 
data. Maintain technical processes to sustain data integrity. Validate that data added to datasets are consistent with a common data model. Process, access, 
handle, or view personal or customer data as necessary to perform their duties. Adhere to policies on internal and external data sharing. If you’re unsure about 
sharing personal data outside of your organization, contact your legal department for assistance. Knowledge Check Ready to review what you’ve learned? This 
knowledge check isn’t scored—it’s just an easy way to quiz yourself. To get started, drag the description in the left column next to the matching term on the right. 
When you finish matching all the items, click Submit to check your work. If you’d like to start over, click Reset. Great work! Sum It Up In this unit, you learned 
about the baseline privacy requirements that apply to data custodians. In the next unit, you learn about data security incidents and reporting requirements. 
Resources External Site: Harvard Business Review: Be a Data Custodian, Not a Data Owner External Site: Indicative: What Is a Data Custodian Quiz Complete! 
+25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/data-privacy/930dfb4ad10160a9eb0ec33de5b127b0_badge.png Data Privacy 
100% Progress: 100% View more modules Skip to main content Data Privacy Report Data Privacy Security Incidents Time Estimate About 5 mins Topics 
Learning Objectives What Is a Security Incident? Reporting a Security Incident Security Incident Reporting Timelines Sum It Up Resources Challenge +50 points 
Get help with this badge Provide feedback for this badge Report Data Privacy Security Incidents Learning Objectives After completing this unit, you’ll be able to: 
Explain what constitutes a data privacy security incident. Identify potential data privacy security incidents. Know what to do when you suspect or know a data 
privacy security incident has happened. What Is a Security Incident? Many authorities around the world have adopted security incident notification laws, from the 
European Union (EU) to countries in Latin America (LATAM) to Japan and Asia-Pacific (JAPAC) regions to every United States (US) state and territory. Recently in 
the US, the president signed into law the Strengthening American Cybersecurity Act of 2022, which requires critical infrastructure companies to report 
significant cybersecurity incidents and all ransom payments to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). 
Depending on the country your organization operates out of, there are numerous incident reporting laws and regulations for specific industries such as 
government, healthcare, energy, telecoms, and financial services providers, with each adopting their own definition of what constitutes a security incident (or 
data breach). Depending on the security incident notification laws that impact your organization, your customer service level agreements (SLAs) or contracts 
should contain security incident notification requirements that apply to customer data. A data privacy security incident is any unauthorized use of personal data 
or customer data, whether accidental or intended. Consider these examples of common security incidents. A sales representative sends an email with customer 
data to the wrong customer. A manager prints a resume of a candidate, but on his way home, he leaves the document on the train. A former employee who has 
left the company still has access to your organization’s systems and accesses customer records. An intern opens an email attachment containing malware, 
which results in deleted or encrypted customer contact information. A shared drive is overly permissioned, granting too many people access to personal data. A 
customer’s credentials or secret keys are exposed on a public GitHub repository. An employee’s work device (for example, a laptop or smartphone) is lost or 
stolen. An employee accidentally discloses personal data in a response to an email that turns out to be part of a phishing attack. All these incidents qualify as 
potential security incidents and should be reported to your organization’s security team. Reporting a Security Incident If you suspect a potential data privacy 
incident, report it immediately, even if you’re not 100% sure the incident qualifies as a data breach or security incident. If your organization has an annual security 
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awareness training program in place, make sure to review it for up-to-date information regarding how to report suspicious activity or suspected security 
incidents at your organization. When reporting an incident, you should provide as much information as possible, including: What happened Who the individuals 
or groups invoived were The time, date, and time zone of when the incident occurred Which services were invoived or potentiaiiy impacted Point of contact for 


follow-up questions Security Incident Reporting Timelines Your organization may have a legal obligation to report data privacy incidents within a short time 
frame to regulators, customers, and affected individuals. You have an obligation to report security incidents immediately to your internal security team, to allow 
them time to investigate the incident and meet external reporting requirements. In some cases, failure to notify applicable parties of a data privacy incident within 
the required time frames can lead to substantial fines, a potential breach of your contractual obligations, damage to customer trust, and tarnishing of your 
organization’s reputation. As you can see, it’s critical to report all potential security incidents right away, even if you made the mistake that led to the exposure of 
personal or customer data. A stopwatch that symbolizes a ticking clock for reporting an incident Sum It Up In this module, you’ve been introduced to data privacy 
laws and principles. You’ve also learned how to identify customer data and who is allowed to handle that data. Lastly, you’ve been introduced to reporting 
requirements of data privacy incidents. Interested in learning more about cybersecurity careers and technologies? Head on over to the Cybersecurity Learning 
Hub to explore other security topics and hear from real security practitioners. Resources External Site: IT Governance USA: Data Breach Notification Laws by 
State External Site: Siteimprove: What Is a Data Breach and How Do | Report It Under GDPR? External Site: JODSUPRA: New Cybersecurity Law Will Require 
Cyber-Incident Reporting for Critical Infrastructure Quiz Complete! +50 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/data- 
privacy/930dfb4ad10160a9eb0ec33de5b127b0_badge.png Data Privacy 100% Progress: 100% View more modules Skip to main content Public Sector Data 
Security in the Cloud Get to Know the Public Sector Time Estimate About 10 mins Topics Learning Objectives Before You Start Overview of the Public Sector 
Public Sector Data Security Requirements Threat Actor Targets and Meeting Compliance Standards Sum It Up Resources Challenge +25 points Get help with this 
badge Provide feedback for this badge Get to Know the Public Sector Learning Objectives After completing this unit, you’ll be able to: Define the public sector. 
Describe the types of work performed in the public sector. List the reasons public sector employees are potential cybersecurity targets. Explain the importance 
of meeting compliance standards. List the risks resulting in the misuse of public sector data. Before You Start If you completed the Get Started with Cloud 
Security Engineering trail then you already know about cloud computing and how to design secure cloud solutions. Now, let’s talk about how to improve the 
security of public sector data in the cloud. Overview of the Public Sector The public sector consists of national, state, and local governments. These entities 
provide critical infrastructure like roads, bridges, and water. They operate public transportation. They administer elections. They even strengthen national 
defense and secure national security systems. In recent years, many public sector organizations have adopted digital technology to provide better service and 
more transparency for their citizens. However, this broad array of service offerings makes these public sector entities attractive to a variety of cybersecurity 
threat actors. A public sector employee in front of a public sector building, with a cloud in the background containing 1s and 0s To improve speed, scale, and cost 
of these digital technologies, many public sector organizations are migrating and modernizing some or all public services using cloud-based offerings. 
According to the National Institute of Standards and Technology (NIST), cloud computing is a model for enabling ubiquitous, convenient, on-demand network 
access to a shared pool of configurable computing resources—for example, networks, servers, storage, applications (apps), and services—that can be rapidly 
provisioned and released with minimal management effort. Cloud computing provides public sector organizations the flexibility and scalability to meet modern 
technology demands. These organizations may use their own cloud for internal resources. Or they can use the secure cloud services of a private company—also 
known as a cloud service provider (CSP)—approved specifically for public sector organizations. They can even use a distributed hybrid deployment model that 
employs a mix of public sector infrastructure and private cloud services. The shift to cloud computing has helped improve cybersecurity by taking advantage of 
the security expertise offered by CSPs. But it isn't without risk. Mapping out those risks and their impacts is critical to assuring the cloud and the data residing in 
it remains secure. Cloud Security Cloud security consists of a set of policies, controls, procedures, and technologies that work together to protect cloud-based 
systems, data, and infrastructure. These security measures are configured to protect cloud data, support regulatory compliance, and safeguard customers’ 
privacy. Cloud security responsibilities are shared between public sector organizations and CSPs in contrast to a public sector-owned and managed data center. 
Depending on the cloud configuration and licensing agreement, public sector users may have more or less control over how shared resources and data are 
accessed. It’s important to note that moving to the cloud does not transfer security responsibility to the CSP. While the CSP may operate certain security controls 
on the public sector organizaton’s behalf, the public sector customer is ultimately responsible for validating that they do so effectively. Cloud Service Models 
NIST defines the following cloud service models in order of level of management provided by CSP vendors. Infrastructure as a Service (laaS): Vendors provide 
the basic infrastructure and hardware. Platform as a Service (PaaS): Vendors provide a managed environment for a customer’s app. Software as a Service 
(SaaS): Vendors provide a fully managed app, and customers need only supply their data. When customer data is processed, stored, or transmitted off-premise 
and under the control of a third party, such as a CSP, the ability of the data owner to implement security controls is often limited. In cloud computing 
environments, the implementation of controls is largely dependent upon the type of service (laaS, PaaS, SaaS), the type of cloud deployment model (private, 
public, hybrid, multi-cloud), the type of controls (physical versus logical), and the specifications of responsibility delineated in the contract between the public 
sector organization and the CSP. It’s critical that public sector customers choose services accordingly and understand the risks and limitations of third-party 
control. Public sector organizations can outsource the functionality of a role, such as storage management, but must still verify security requirements like 
encryption are implemented. Whether you’re a private CSP employee or a public sector employee, if you have access to public sector cloud services, you have 
privileged access to critical infrastructure, networks, and data. Let’s dig a bit deeper into what makes public sector cloud security concerns unique. Public Sector 
Data Security Requirements Public sector cloud services have unique security compliance requirements. Data stored in a public sector cloud platform must be 
adequately maintained and secured to meet these special compliance requirements. As more organizations adopt the cloud, public sector organizations have 
created a number of security aids, standards, and regulations to safeguard those transitions. The table lists some regulations and standards that outline public 
sector data security requirements in the US. Regulation/Standard Description Federal Information Security Management Act (FISMA) of 2002 and Federal 
Information Security Modernization Act (FISMA) of 2014 Strengthens information security within US federal agencies by requiring them to implement information 
security programs to ensure their systems’ confidentiality, integrity, and availability NIST Risk Management Framework (RMF) Provides a framework for federal 
agencies, contractors, and other sources that use or operate a federal information system to develop and implement a risk-based approach to manage 
information security risk Federal Information Processing Standard (FIPS PUB 199) Outlines impact levels of data, which are are a way of categorizing the 
sensitivity of data and what controls are necessary to secure data of varying sensitivity levels NIST 800-53 Defines security controls for information systems 
(including cloud systems) containing public sector data, including access control, media protection, and physical and environmental protections Federal Risk 
and Authorization Management Program (FedRAMP) Defines security baselines for cloud services based upon the NIST 800-53 controls Department of Defense 
(DoD) Cloud Computing Security Requirements Guide Builds upon FedRAMP to tailor control baselines for DoD mission owners by providing a knowledge base 
for cloud computing security authorization processes and security requirements Here are some examples of security compliance requirements for public sector 
cloud services in other countries. India’s Ministry of Electronics and Information Technology (MeitY) provides requirements and guidelines for CSPs to register 
their services with the Indian government to be considered eligible to work with public sector entities in India. The Japanese government has a system called the 
Information System Security Management and Assessment Program (ISMAP) for assessing the security of CSPs to participate in public sector projects. The 
Australian Signals Directorate (ASD) has an Information Security Registered Assessor’s Program (IRAP) framework, which assesses the implementation and 
effectiveness of an organization’s security controls against the Australian government’s security requirements. Discover more comprehensive compliance 
certifications and attestations. No matter the country, cloud security compliance requirements put in place data location constraints, requirements for identity 
management, privacy, confidentiality, integrity, and availability (CIA), and more. Threat Actor Targets and Meeting Compliance Standards Whether you’re a private 
CSP employee or a public sector employee with access to critical security systems, infrastructure, networks, and accounts, you’re a primary target for 
cybercriminals and foreign intelligence organizations. Combating all such threats is critical to national security and a well-functioning civil society. As a critical 
part of an organization’s defenses, you play an important role in protecting privacy and security. As someone with access to public sector data, you need to be 
aware of, understand, and follow the increased security, privacy, and compliance measures that platforms containing this data require, and what threats to public 
sector cloud services may look like. This requires validating on an ongoing basis that the security controls you’ve selected are actually implemented and 
functioning properly. Luckily, CSPs provide a range of features and services that public sector customers can use to build cloud solutions to meet their security 
needs. Risks of Misuse of Public Sector Data There are varying levels of risk to public sector data if the CIA of the data is compromised. Depending on the type of 
information breached, a victim can suffer social, economic, or physical harm. If an identity thief gets hold of the compromised information, the victim may face 
financial loss, damaged credit, compromised medical records, threats, or harassment. If public sector data is misused, your organization can also suffer 
financially. If the root cause of data loss is due to your organization not adhering to laws and regulations, your organization or its staff can be subject to criminal 
or civil penalties, or incur additional costs associated with responding and recovering from the incident, including having to fund credit monitoring for your 
customers. Your organization can also be required to receive close scrutiny from regulators. In the end, organizations can put their public reputation at risk and 
shatter public confidence if they don’t protect public sector data. As someone with access to public sector data, it’s your responsibility to review and assess the 
risks associated with misuse of public sector data, and do your part to minimize them. Sum It Up Now that you understand more about the public sector and why 
users dealing with public sector data are potential cybersecurity targets, let’s take a look at one specific type of threat to public sector data security: insider 
threat. Resources Trailhead: Get Started with Cloud Security Engineering Trailhead: Cybersecurity Threats and Threat Actors External Site: National Institute of 
Standards and Technology (NIST): SP 800-145 The NIST Definition of Cloud Computing External Site: Cloud Information Center (CIC): Cloud Security Quiz 
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points Get help with this badge Provide feedback for this badge Identify Insider Threats to Public Sector Data Learning Objectives After completing this unit, 
you'll be able to: Explain the concept of insider threat. Define insiders and insider threat categories. Identify ways insider threats can happen at your 
organization. Explain ways you can defend yourself from insider threat. Identify insider threat and security reporting recommendations. What Is Insider Threat? 
An insider is any individual who has access to your organization’s facilities, systems, technology, customer data, or staff. Insiders can include public sector 
employees, former employees, contractors, subcontractors, and even customers. As more information is stored in the cloud, staff with access to these systems 
could potentially threaten your organization. Cybersecurity measures are frequently focused on threats from outside an organization rather than from individuals 
inside an organization. However, insider threats are the source of many security incidents across industries. They can potentially steal sensitive data, perform 
malicious attacks on your networks, and damage or destroy systems and services. There are generally two categories of insider threat: accidental and 
intentional. Some behaviors that lead to unintentional threats include: Using unauthorized removable media Using personal email for work activities Falling for 
phishing emails Using unauthorized applications (apps) and software Failing to fully test changes to systems before pushing them to widespread use On the flip 
side, intentional insiders use their access deliberately to cause malicious harm. For example, they may steal confidential information about public sector 
services for personal or financial gain, or damage systems or destroy data in retribution for a missed promotion, involuntary termination, or other grievance. 
Challenges to Detecting Insider Threats Malicious acts by insiders are seldom impulsive. Usually, stressful events happen over time that result in the transition of 
a trusted insider to a malicious one. If not identified and resolved in a healthy manner, these stressors could contribute to an individual’s intent to cause harm to 
your organization and its staff. That’s why it’s important to identify and resolve potential stressors early on. Additionally, external factors can be at play. An 
insider could be targeted by an external organization and bribed, or could be extorted. Insider threat actors can be difficult to detect and often go unnoticed. As 
someone who deals with public sector data in the cloud, you serve as the eyes and ears of the organization, and need to pay attention to indicators of insider risk. 
What Are Risk Indicators? There are two types of risk indicators: direct and indirect. Direct risk indicators include the following types of behavior. Occasional 
display of suspicious or disruptive behavior Attempts to gain access to information or data that’s outside the scope of an employee’s job responsibilities, 
including attempts to recruit or coerce others into giving information or doing something suspicious Bullying or sexual harassment of fellow employees 
Workplace violence incidents Serious violations of organization cloud policies Disregard of security procedures and protocols Financial changes including 
unexplained affluence or excessive debt Working or show up for work under the influence Physical and logical access to facilities or proprietary information 
outside of normal work hours Indirect risk indicators are behaviors that require additional analysis to reveal suspicious motives. They can include the following. 
Visible animosity toward a coworker Sudden decline in work performance Irresponsible use of social media Defend Against Insider Threats Measures to defend 
against insider threats include documenting expectations in security agreements, monitoring, cooperating with Human Resources (HR), implementing data 
protections, and reporting in a timely manner. Let’s take a closer look. Security Agreements To help protect against insider threats, public sector employees 
should define explicit security agreements for any cloud services, especially regarding access restrictions and monitoring capabilities. Public sector data hosted 
in a private sector cloud service provider (CSP) is under the care of a third party. Malicious insiders who work for the CSP might be able to access the data 
stored in the cloud for multiple public sector organizations. One tool to consider in strengthening the security of cloud systems containing public sector data is 
to put in place terms and conditions to document trust relationships between organizations owning, operating, or maintaining the information systems. For 
example, the Federal Risk and Authorization Management Program (FedRAMP) moderate baseline recommends this control. These agreements can help 
document expectations around access to the information system, and how information is processed, stored, or transmitted. Whether this step is necessary 
depends on the compliance regimes applicable to the organization, and what existing sharing and trust agreements exist between the organizations. Security 
Assessments Another tool for defending against insider threat and bolstering the security of cloud systems containing public sector data is to develop a security 
assessment plan. For example, the FedRAMP moderate baseline recommends agencies to assess security controls on both an initial and ongoing basis, 
continuously monitor their IT systems, and ensure compliance to vulnerability mitigation procedures, among other security practices. Monitoring Whether you 
work at a public sector organization, a CSP, or a third-party vendor, if you process and store public sector data in the cloud, you have a responsibility to monitor 
that data. Security monitoring in the cloud includes capturing, reviewing, and correlating audit log data. Also consider logging and reviewing all activities 
performed by users within cloud environments. Check for events such as abnormal login times or attempts to access unauthorized resources. Organizations 
dealing with public sector data can consider using user and entity behavior analytics (UEBA) solutions that use algorithms and machine learning to detect 
anomalies in the behavior of not only the users in a corporate network but also the routers, servers, and endpoints in that network. UEBA can help you to 
recognize any peculiar or suspicious behavior, such as instances where there are irregularities from normal everyday patterns or usage. For example, if a 
network user regularly downloads files of 20 megabytes every day but starts downloading 40 gigabytes of files, the UEBA system considers this an anomaly and 
alerts an information technology (IT) admin. Or if automations are in place, it automatically disconnects that user from the network. Integrate with Human 
Resources Another important measure is integrating insider threat defenses with Human Resources (HR). HR professionals are more likely to identify patterns, 
behavior, and trends that help mitigate potential harm to an organization and its employees. For example, HR can identify red flags during the interview process, 
creating mechanisms for employees and managers to provide two-way feedback and share concerns. HR can also provide suggestions for delivering 
notifications of termination respectfully and in a way that minimizes intrusiveness and embarrassment. Depending upon an employee’s role, there may also be 
separation agreements that are required to continue confidentiality post-employment. HR also has insights to employee performance records and potential 
disciplinary actions for correlating events back to certain behaviors. It’s critical that HR perform pre-hire background checks that are regularly updated after hire, 
obtain employee acknowledgement of policies and practices, and provide training on insider threats. Data Protections Additionally, it’s important that public 
sector organizations ensure that their data protection and monitoring requirements for CSPs are commensurate with the organization’s own requirements. It’s 
vital that protections include physical and technological requirements, and HR requirements for CSP employees. Timely Reporting As someone who works with 
public sector data, you can serve as the first line of defense for insider threats by reporting unusual activity to your organization’s security team. Your 
organization’s incident response team can investigate unauthorized access to data or attempts to circumvent security configurations by keeping an eye on 
suspicious activities or threat indicators. Depending on your organization’s requirements, you may also need to report unusual activity to your human resources 
team, or outside groups such as law enforcement. If something at work doesn’t feel right—an unusual access request or information request, for example—don’t 
hesitate to contact your organization’s incident response or security team right away. Keep in mind that the longer an attacker is on your network, the deeper 
they can go, the more backdoors they can open, and the more data they may be able to extract. Any public sector data displayed outside the cloud’s authorized 
boundaries constitutes a security incident and should be reported immediately. This applies not only to customer data but also to any information that can impact 
the CIA of the cloud environment. Acting fast when you spot a potential security incident is critical, because it helps your incident response team track down the 
source and thwart any potential damage. What’s more, if your organization has a security incident involving public sector data, you may be subject to external 
reporting requirements. For example, under the General Data Protection Regulation (GDPR), organizations have just 72 hours to gather all related information 
and report data breaches to the relevant regulator. By reporting suspected incidents to your organization’s incident response team immediately, your 
organization is better able to meet its external reporting requirements. If your organization fails to meet these requirements, you can incur fines, damage 
customer and investor trust, and continue to repeat past mistakes. Sum It Up In this unit, you learned about insider threats and the concern they pose for 
protecting public sector data in the cloud. Now, let’s turn our attention to an important security control to consider when managing and protecting public sector 
data in the cloud: access control. Resources External Site: Cybersecurity and Infrastructure Security Agency (CISA): Detecting and Identifying Insider Threats 
PDF: Software Engineering Institute (SEI): An Insider Threat Indicator Ontology PDF: Cybersecurity and Infrastructure Security Agency (CISA): Combating the 
Insider Threat External Site: The Washington Post: Government and critical industries aren’t ready for insider threats External Site: The Wall Street Journal: 
Capital One Breach Highlights Dangers of Insider Threats Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/public-sector-data-security-in-the-cloud/6d13024a1228a37810f72f552eeb4647_badge.png 
Public Sector Data Security in the Cloud 100% Progress: 100% View more modules Skip to main content Public Sector Data Security in the Cloud Secure Public 
Sector Data Time Estimate About 10 mins Topics Learning Objectives High-Value Assets Secure Data Handling Media Protection The Bottom Line Resources 
Challenge +25 points Get help with this badge Provide feedback for this badge Secure Public Sector Data Learning Objectives After completing this unit, you’ll be 
able to: Describe how to safeguard high value assets in the cloud. Explain how to securely handle public sector data in the cloud. Identify media protections for 
public sector data in the cloud. List best practices for data backup and storage in the cloud. Now that we’ve talked about access control and encryption, let’s 
continue by discussing data handling controls for protecting public sector data in the cloud. High-Value Assets High-value assets (HVAs)—that sounds important, 
doesn’t it? That’s because it is! An HVA is information or an information system that is so critical to an organization that the loss or corruption of this information 
or loss of access to the system results in a serious impact on the organization’s ability to perform its mission or conduct business. It’s no surprise then that it’s 
essential to have special controls in place to protect these types of assets, especially when hosted in the cloud. These controls should be outlined in your 
organization’s data classification standard. The last thing you want is for a cybercriminal to gain unauthorized access to high value asset data, including public 
sector information! To identify and protect high-value assets, start with a business impact analysis (BIA), which predicts the consequences of disruption of a 
business function and gathers information needed to develop recovery strategies. During the BIA, identify potential loss scenarios and associated costs from a 
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compromise of the confidentiality, integrity, or availability (CIA) of mission critical data. Also identify recommendations for recovery. Depending upon the data 
contained in the HVA, it may be necessary to conduct other reviews, such as a Privacy Impact Assessment. Because of the importance of safeguarding HVAs, 
only allow as small as necessary a subset of your organization’s employees access to them. Have policies and procedures in place for managing HVAs, and 
cover protections while the data is stored in your systems and when it’s shared externally. Secure Data Handling To make sure you handle public sector data in a 


way that complies with your organization’s requirements, always keep sensitive data in controlled, approved, and secure cloud environments with backup 
capabilities. Production servers provide greater security than your laptop, for example. Here are some additional steps you can take to keep public sector data 
secure. Avoid accessing public sector data unless it’s required for your job. Only access the data from an authorized or approved device issued by your 
organization. Avoid downloading data to your computer, unless required for your job. Do not export any information from a cloud environment whose disclosure 
can impact the CIA of the environment. Do not use an external email account to send information. Use only approved third-party storage sites. Limit printing of 
data to only what’s necessary for your job, and keep your desk clean of sensitive data when stepping away or leaving for the day. Encrypt and back up data to 
mitigate risk if data is lost or stolen. Do not store information on Universal Serial Buses (USBs) or external hard drives. You may be wondering what type of 
information disclosure can impact the CIA of your environment. This can include, for example, if a medical provider at the Department of Veterans Affairs exports 
patient data from the cloud system hosting that data, and emails it to the wrong patient. In determining potential impact, it’s key you consider the quantity of 
sensitive data. For example, breaches of 25 records of personally identifiable information (PII) and 25 million records may have different impacts. Also evaluate 
the sensitivity of the data fields when combined. Aggregating different data sets can increase the potential impact to the information if disclosed improperly. For 
this reason, it’s best to de-identify information where possible by removing account numbers, names, and other identifiable information when aggregating 
information. A USB crossed out Media Protection Whether at a cloud service provider (CSP) or a public sector organization, a limited number of employees need 
access to media that contains public sector data. It’s imperative that your organization maintains a media protection policy that describes how to properly handle 
backup tapes and other digital media like portable hard drives and USBs. In the policy, address media marking, storage, transport, sanitization, disposal, and use. 
If you’re in a position with access to media containing public sector data, it’s critical to review your organization’s policies and familiarize yourself with these 
processes. Data Backup and Storage In addition to identifying your mission critical data, it’s crucial that your organization backs up this data to maintain 
accessibility to pertinent information. Per your organization’s information security standards, back up public sector data in the cloud at a frequency consistent 
with recovery time and recovery point objectives. Define these objectives in your BIA. Define specific guidelines pertaining to these objectives by the regulations 
and standards applicable to your organization’s jurisdiction. The recovery time objective (RTO) documents the amount of time an organization has to restore its 
processes to an acceptable service level after a disruption to avoid intolerable consequences associated with the disruption. The recovery point objective (RPO) 
documents how fresh the recovered data must be. Protect backup information and media at all storage locations, whether in the cloud or at an off-site storage 
facility. Sanitize, destroy, or both, data that’s no longer required in line with your organization’s data retention policy or standard. Define specific guidelines 
pertaining to data sanitization by the regulations and standards applicable to your organization's jurisdiction. Consider using a combination of online and offline 
backups for further recovery options. The Bottom Line You are the strongest link in your organization’s security efforts. You now have the knowledge to protect 
and safeguard your organization and customers. As someone who deals with public sector data in the cloud, you’re entrusted with very sensitive data. It’s up to 
you to be compliant and vigilant in your efforts to stay secure. Don’t forget, if you see something, say something by contacting your organization’s security team. 
Interested in learning more about cybersecurity careers and technologies? Head over to the Cybersecurity Learning Hub to explore other topics and hear from 
real security practitioners. Resources PDF: Cybersecurity and Infrastructure Security Agency (CISA): Secure High Value Assets (HVAs) External Site: Fortinet: 
What Is Data Classification? PDF: National Institute of Standards and Technology (NIST) Special Publication (SP) 800-122: Guide to Protecting the Confidentiality 
of Personally Identifiable Information (PII) Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/public-sector-data- 
security-in-the-cloud/6d13024a1228a37810f72f552eeb4647_badge.png Public Sector Data Security in the Cloud 100% Progress: 100% View more modules Skip to 
main content Secrets Management for Developers Identify Secrets Time Estimate About 10 mins Topics Learning Objectives What Is a Secret? Authentication, 
Authorization, and Encryption Manage Your Encryption Keys Knowledge Check Resources Challenge +25 points Get help with this badge Provide feedback for 
this badge Identify Secrets Learning Objectives After completing this unit, you’ll be able to: Identify three types of secrets at your organization. Define 
authentication, authorization, and encryption. Explain strong key management principles. What Is a Secret? Customer trust issues can derail even the best-laid 
cybersecurity plans. Your customers rely on you to safeguard their data, and to keep that data safe from anyone who does not have a business need to access it, 
even someone inside your organization’s network. While protections like network segmentation protect data, code, and applications from external and internal 
threats, it’s still up to you to manage secret information carefully. So, just what is a secret? You can define secrets in three main ways. Credentials that 
authenticate individual identities for systems and services Private keys used to sign certificates that authorize services to other services Keys used to encrypt 
other secret information like customer data If you start with these definitions, you can sort your secrets into categories. The first category is passwords, or other 
credentials that you use to protect your laptop, phone, and organizational access. The second category is the private keys that services use to provide access to 
sensitive systems, services, and information. And the third category is the keys used to encrypt content like customer and organizational data, so that even if it is 
accessed, it is kept secret. Password Versus Key For most computer security purposes and for most users, a key is not the same thing as a password, although 
a password can be used as a key. The primary difference between keys and passwords is that passwords are intended to be generated, read, remembered, and 
reproduced by a human user. A key, by contrast, is intended for use by the software that is implementing the cryptographic algorithm, so human readability is not 
required. In fact, most users are, in most cases, unaware of the existence of the keys being used on their behalf by the security components of their everyday 
software applications. Secrets are never as simple as they seem, and handling secrets well involves several tricky factors. When managing secrets, here are 
some good questions to ask. How secret is this secret? How many humans know it? How many places is it stored? How hard would it be for an attacker to learn 
or guess it? Good secrets should be very hard to guess and obtain if you’re not supposed to have them. Will this secret always be available when needed? Let’s 
say your service needs a secret to do its job. If the service storing that secret goes down, your customers are going to have a rough day without access to the 
system they need. The availability of secrets depends on the availability of your service overall. As your organization continues to innovate with new 
technologies, effective secret management becomes even more important. Authentication, Authorization, and Encryption There are three main ways to protect 
secrets: authentication, authorization, and encryption. They are all related, and they often overlap with one another. Sometimes they are used in combination, 
such as when a system authenticates your identity and then checks whether you’re authorized to access that system. At other times, systems encrypt secrets so 
that they cannot be understood without being decrypted. Authentication Authentication is the process of proving your identity. Let’s say you are trying to log in to 
your company’s website as yourself. The website asks you to enter your password so it knows it’s you. Authentication assures you that a call is actually coming 
from a service you trust and not from an attacker. Authentication can be single-factor or multi-factor (MFA). A factor is what you use to authenticate, and it falls 
into one of three categories. Something you have: Examples include a proximity key like a wireless key fob, or a magnetic strip card like your personal debit card 
Something you are: Examples include a fingerprint or facial identification Something you know: Examples include a password, passphrase, or personal 
identification number (PIN) Single-factor authentication is when you use just one of these factors to authenticate, such as when you type in your username and 
password (something you know) to log in to your email. MFA requires two or more of these items, like when you use your credit card (something you have) and 
enter your PIN (something you know) to complete a transaction. Authorization Authorization is the next step after authentication. Now that you have verified your 
identity, what are you allowed to do? One user shouldn’t be authorized to change another user’s password, for example. Another example of authorization, are 
the resources you have access to for your job. If you work on the Finance team, you shouldn’t be able to access a Human Resources database, and vice versa. 
You only see the resources that you are authorized to use. For high-security processes, you may need to demonstrate that you’re authorized by more than one 
group in order to gain access. This is known as quorum authorization. For example, if you’re an auditor and need temporary access to a secure financial system, 
you may require approval from both the business owner of the system and a senior administrator. This method prevents any one group from providing access to 
secure systems without sufficient authorization. Encryption Encryption uses mathematical equations to scramble data so that they appear to be random. Only 
parties with the right secret key can decrypt the contents. Even if attackers can intercept the data your service sends or stores, encryption prevents them from 
understanding the true contents of the data without the secret key. All of these techniques require secrets, and they require those secrets to be stored securely. If 
an attacker knows the password or the decryption key, it doesn’t matter how sophisticated your authentication or encryption schemes are. Let’s take a look at 
some best practices for managing these keys. Manage Your Encryption Keys Just as there are questions you should ask yourself about secrets management, 
there are also factors to consider when you manage keys. Make It Durable If you permanently lose a key used to encrypt data, you’ve effectively lost the data no 
matter how many backups you have of the encrypted bits. This situation can be especially challenging with secrets, because the usual response (make lots of 
backup copies!) conflicts with the first principle of secrets management, which is to keep the secret secret. You can make your keys more durable by backing 
them up and storing them in an additional secure location to ensure that you still have access to the keys in case one location is destroyed in a disaster. This can 
be performed by using the native backup options provided by your application or by using a dedicated encryption key backup system. Change It It’s best to use 
an automated process to change keys regularly. Doing so allows you to test your key management process of changing secrets to prevent unauthorized access. 
It also allows you to take action if an attacker is able to steal a secret. By changing the key, the attacker might have the data, but they would be unable to unlock it, 
rendering it useless. Declare Cryptoperiods A cryptoperiod is the lifetime of a key. When you generate a key, you should declare a cryptoperiod. It’s then tracked 
throughout the usage of the key. For some scenarios, like transport layer security (TLS) certificates used for secure web communication, the protocol directly 
supports this concept, and using it as designed automatically sets a cryptoperiod expiration limit. The cryptoperiod for TLS is designated by the notBefore and 
notAfter fields specifying the validity period. When a cryptoperiod expires, copies of the key material are destroyed or rendered useless, and this process is 
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logged. In the case of data encrypted at rest, take care to ensure the data is reencrypted with an active key or keys prior to discarding the key material. Also, once 
key material has reached the end of its lifetime, do not reuse it for other purposes. Be sure to generate new keys for any needs beyond the expiration date. A 
stopwatch with digital keys instead of hour and minute hands Knowledge Check Ready to review what you’ve learned? The knowledge check below isn’t scored 
—it’s just an easy way to quiz yourself. To get started, drag the description in the left column next to the matching term on the right. When you finish matching all 


the items, click Submit to check your work. To start over, click Reset. Great work! You now understand more about different types of organizational secrets, and 
how authentication, authorization, and encryption help you protect them. In the next unit, let’s dive deeper into the nitty-gritty of protecting secrets. Resources 
External Site: National Institute of Standards and Technology (NIST): Special Publication (SP) 800-63B: Digital Identity Guidelines External Site: National Institute 
of Standards and Technology (NIST): Identify & Access Management Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/secrets-management-for-developers/e513d858896b1190fb8da515e6168624_badge.png 
Secrets Management for Developers 100% Progress: 100% View more modules Progress: 100% View more modules Skip to main content Contact Center 
Transformation Build a World-Class Omni-Channel Contact Center Workforce Time Estimate About 10 mins Topics Learning Objectives Welcome to the Age of 
the Customer Change Channels—and Customer Interactions So What’s Next? The Service Cloud Advantage: Connect with Connected Customers Give Agents a 
Single, 360-Degree Customer View Boost Agent Productivity—and Customer Happiness Help Customers Help Themselves with Self-Service Sites Meet Rising 
Customer Expectations on Every Channel Resources Copyright Challenge +25 points Get help with this badge Provide feedback for this badge Build a World- 
Class Omni-Channel Contact Center Workforce Learning Objectives After completing this module, you’ll be able to: Explain the consumer’s expectations of 
service. Describe how emerging technologies can impact your contact center design. Describe the Salesforce Service Cloud Advantage. Discover how to use 
customer past experiences and feedback to transform your organization. Welcome to the Age of the Customer Customer service has evolved, and it has 
shattered the idea of call center business as usual. Today’s customers are digital and on the move. They connect to each other instantly through multiple 
channels, and they expect the same from the companies they deal with. Let’s look at how Service Cloud can help your call center team exceed your customers’ 
ever-demanding expectations. According to top researcher Forrester, “The ability to align products, operations, and business models to what we call a 
‘customer-obsessed operating model’ will determine a company's ultimate success.” In other words, for businesses to keep customers happy and to stay 
competitive, you must invest in sophisticated technology that lets your contact center deliver top-notch service on every channel. Change Channels—and 
Customer Interactions The way in which customers contact you is always shifting: calling, emailing, texting, and so on. The shift will continue as artificial 
intelligence (Al) becomes more commonplace. Brace yourself for Al to disrupt customer support jobs, as nonhuman interactions are on the rise. For example, 
with the Internet of Things (IOT), a washing machine can predict the need to purchase more detergent and instantly connect with a retailer’s app (such as Amazon 
Alexa) to place and confirm the order. This is not to say we don’t need service agents, but the way they interact with customers is changing fast. Human 
interaction will still be required on many of the customer service cases coming through your organization. But as new technology makes contacting service 
easier, more accessible, and instant, the overall volume of customer service interactions through multiple channels will continue to climb. So What’s Next? 
Agents must become experts in all customer engagement channels to make their customer interactions more personalized and, well, human. But what happens 
if your agents don’t have the right tools to meet the shifting demands of customers? Customer frustration can increase as brand loyalty decreases, ultimately 
leading to lower CSAT and NPS scores...and greater attrition. That’s why leading organizations understand the need for an intelligent, flexible customer service 
platform that can give their agents the tools to make their jobs easier, and meet the higher demands of today’s customers. And it’s why organizations are digitally 
transforming their customer contact centers with the Service Cloud platform. The Service Cloud Advantage: Connect with Connected Customers It’s not 
necessary to make things overcomplicated to offer an omnichannel experience. You can make it happen in a single platform. Here’s how: Service Cloud gives 
your agents the power to deliver service that bridges the gap from a transaction to an interaction. It’s as instant and easy as a conversation, on whatever channel 
your customers are using—from a single platform. Now your agents can respond in real-time to any customer, anywhere. Phone Text/SMS Email Websites Chat 
Mobile apps Social Media Self-service site Two-way video chat Decorative image of icons for types of communication Give Agents a Single, 360-Degree 
Customer View Imagine this: Every single service agent can turn to their desktop and have a real-time view of a customer's entire journey with your company. 
And they can then use that information to offer personalized service—fast. The Lightning Service Console is designed with agents in mind. And since the console 
is built on the Salesforce platform, your agents can access information from different systems across the company. This enables agents to access everything 
they need to provide quality customer service from one screen. Boost Agent Productivity—and Customer Happiness It’s not unusual for companies to have 10 or 
20 systems that agents use to find all a customer’s information. If agents have all of that information on one screen, they can solve customers’ issues much 
faster, and work more efficiently. And you can boost customer satisfaction and your ROI. With the Lightning Service Console, everything an agent needs is right 
at their fingertips so that they can deliver: Faster service: Rapidly work through any backlog of cases with tools that eliminate clicks and let agents take care of 
customers quickly, increase customer satisfaction levels, and stay motivated by feeling agile and productive. Smarter service : Agents can be proactive service 
gurus, address inefficiencies before they happen, and feel empowered with the right information to make more informed decisions that help build lasting 
customer relationships. Personalized service : “ 68% of consumers Say it’s very important for service agents to know their full history.” Regardless of channel, 
your agents can always know everything about your customer. Whether it’s past issues, purchase history, or data from a backend system, everything’s all in one 
place. So get ready to leapfrog the competition as you deliver on the personalized experiences your customer cares about most. Help Customers Help 
Themselves with Self-Service Sites Did you know that most customers prefer not to talk to a live agent? In fact, “81% of them try self-service first.” So how can 
you offer personalized self-service on any channel a customer chooses? With Service Cloud, you can create a single, branded Experience Cloud site that your 
customers can access to find what they need, on any device, anywhere they go. This frees agents to spend more time working on the toughest cases. So what 
about those questions going unanswered in self-service sites? Salesforce Experience Cloud sites integrate with Service Cloud. Customers can create cases 
manually, agents can escalate customer questions to cases, and managers can set workflows to escalate cases if a question hasn't been answered Meet Rising 
Customer Expectations on Every Channel Everyone appreciates a genuine conversation. That goes for customers, too. It’s time for service agents to ditch the 
call script and engage with customers with more personalized conversations. Research shows that the “service customers experience from your center 
influences the level of service they expect to experience in their next contact.” It’s important to understand what customers expect from your organization, so 
you can reposition the contact center to meet shifting expectations quickly and efficiently. Let’s look at how to do that. Best Practices for Omnichannel Call 
Center Success 1. Customer service is a team sport: Ensure that everyone in your service organization, from agents to your management team, thoroughly 
understands your top 10 basic customer expectations. Be sure to post them prominently. Happy agent with headsetService Team Tip Have your service center 
management memorize the list of top 10 customer expectations, and make a habit of considering them when making decisions. 2. Don’t guess what customers 
want. Go straight to the source: the customer. Create services based on what customers really expect. Then listen to customer interactions with agents and 
social channels. Take frequent and detailed surveys to get insight on how you’re meeting the team’s 10 expectations. Happy agent with headsetService Team Tip 
Consider posting a scorecard based on customer feedback to keep managers and agents up to date on changing customer expectations. 3. Exceed expectations. 
Steve Jobs said, “Customers don’t usually know what they want until you show it to them.” Go beyond the status quo and give customers more than what they 
ask for, and differentiate your brand through service. Transform your call center now to get a jump-start on the future. Happy agent with headsetManagement Tip 
Read the Trailhead module about Service Analytics and Discovery Einstein to learn how Salesforce can help predict what a customer needs before they ask for it. 
4. Build cross-functional teams. Make customer service a team sport by serving customers across your organization. Use your company’s combined 
information, support, processes, products, and services to meet and exceed customer expectations. Happy agent with headsetManagement Tip Use Salesforce 
Experience Cloud sites within your own organization to keep everyone connected and engaged across divisions. This better supports your service organization. 
5. Let your customers guide your strategy. Ensure that the evolving customer expectations are central to how you approach your customer relationships. Enable 
your customers to drive everything, including segmentation, the channels you make available, service-level objectives, your hours of operation, and more. Happy 
agent with headset Management Tip Consider adding customer surveys that include capturing their operational preferences alongside service-level expectations. 
Now you have a few new service strategies to give your customers simplified, fast, convenient, and consistent services, that can build loyalty and turn them into 
your brand ambassador. Resources Second Annual State of Service Report Salesforce Positioned in the Leaders Quadrant of the Magic Quadrant for CRM 
Customer Engagement Center 2017 for Ninth Consecutive Year" Connect to Your Customers in a Whole New Way Copyright Rights of ALBERT EINSTEIN are 
used with permission of The Hebrew University of Jerusalem. Represented exclusively by Greenlight. Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/contact-center-transformation/bfaaacdd8eb49d0fdb2c7f295e1135fc_badge.png Contact 
Center Transformation 100% Progress: 100% View more modules Skip to main content Contact Center Transformation Hire and Coach for Success Time 
Estimate About 10 mins Topics Learning Objectives Turn Customer Service Agents into Agents of Change Step One: Hire the Right Agents Step Two: Build a 
Winning Agent Team Step Three: Keep Your Agents Motivated Step Four: Deliver Constructive Feedback on Agent Performance Resources: Challenge +25 points 
Get help with this badge Provide feedback for this badge Hire and Coach for Success Learning Objectives After completing this module, you'll be able to: Explain 
how to hire the right service agents. Explain how to motivate, train, and boost agent morale. List what to look for when assessing agent performance and how to 
give effective feedback. Turn Customer Service Agents into Agents of Change Turnover statistics at most call centers reveal a truly scary picture, with plenty of 
effort and training dollars wasted, as experienced agents jump ship for better opportunities. Want to figure out how to stop wasting time and money? Here’s a 
step-by-step guide to implement a strong digital contact center hiring and onboarding program. Step One: Hire the Right Agents Service agent talks to customer 
on the phone If you want to offer exceptional customer service, start by transforming your hiring process. Improving the hiring process boosts the overall 
performance of your operation and customer service, while cutting the cost of providing that service. So now you’re ready to hire stellar agents. Let’s examine 
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the most important qualities to look for in every new hire, as outlined by Kevin Hegebarth, an expert in customer service and hiring excellent candidates. 
Technical knowledge: They have a solid understanding for the industry and basic resolution skills. Ability to multitask: They must thrive in a hectic environment 
and be able to jump from one issue to another quickly. Pleasant phone etiquette: Candidates must have the ability to engage with customers in a pleasant manner 
and be able to hold a fluid conversation. Ability to stay calm, cool, and collected: They’re able to remain calm and resourceful in any situation, regardless of the 


circumstances. Ability to focus: They have the ability to stay present and focused on delivering the best possible service to each and every customer. Solution- 
oriented thinkers: They display a high level of confidence and a propensity to search for a resolution themselves or direct their customers to the appropriate 
personnel who can provide an answer. Ability to listen and put the customer first: They can use empathy and patience to ensure customers feel catered to and 
confident that the support representative is hearing their issue and is knowledgeable in the subject matter. Step Two: Build a Winning Agent Team As more 
people are doing business online, your customer service team is increasingly becoming the center of business growth. Kevin Hegebarth suggests four strategies 
you can use to build your winning agent workforce. Four Key Strategies for Hiring Success Decorative image of a birdThe Early Bird Gets the Worm The 
competition for qualified agent labor is fierce. Make a decision quickly for the best chance to snag the best talent in your market. Applicants are more likely to 
accept job offers that are made quickly. And that timely hiring decision tends to have a positive effect on the prospective employee’s performance once on the 
job. Decorative image of a notification bell icon Let Candidates Know According to a 2013 national survey by CareerBuilder, over 75% of applicants never hear 
anything from a hiring company. Zero. Zilch. Nothing. Yet, 82% of them expect some kind of response, even a simple “thanks, but no thanks.” Don’t let your 
hiring process become a black hole. Responding to each application helps bolster your brand perception on company review sites and leads to more promising 
candidates. Decorative image of hands interlockedGet Everyone Involved Record applicant interviews and share the most promising candidates with key 
colleagues to ensure correct hiring decisions are made. It also helps calibrate the recruiting team—in much the same way as your quality assurance teams are 
calibrated—so that each candidate is evaluated consistently. Decorative image of crystal ballUse Your Crystal Ball (Sort Of) It takes a lot of time and money hiring 
each new agent, which is wasted if the new hire doesn’t work out. Big data and predictive analytics can help identify stellar candidates and minimize the risk of a 
bad hire. Predictive analytics compares the tenure and performance of successful agents with data collected about them during their hiring process. This 
comparison gives you a data-driven model that can help you evaluate new applicants. If candidates fit the model, they generally perform well against the key 
metrics of the organization. Move them to the top of your list for hiring consideration. Step Three: Keep Your Agents Motivated Customer service agent works at 
her desk. So you’ve found the right talent, and built your team. Now you’ve arrived at one of the most important steps of all: Invest in your employees. Rewarding 
agents when they go beyond their job description helps retain top talent. Remember, happy agents = happy customers. To keep your agents happy, you’ve got to 
equip them with tools to succeed in their job. Agents who feel supported are more invested in their jobs, and they’re more proactive, productive, and most 
importantly, more pleasant to customers. So where to start? According to David Bethers, “fun incentive programs are an easy way to motivate and build team 
collaboration, while making employees feel rewarded for a job well done. But you also need a plan. These five ways can help agents make a successful career out 
of customer service.” New skills: Offer training in digital, social media, and mobile apps and emerging channels. New motivations: Empower agents to make 
decisions, highlight agent diversity hiring practices. New work rules: Give high-performing agents more autonomy that can lead to future positions, offer 
schedule flexibility, and encourage collaboration within the team. New metrics: Take another look at agent retention, offer role extensions and paths to 
promotions. New career paths: Introduce opportunities for agents to migrate to another department in your organization, such as Marketing, Digital Content, 
Social Media, or Sales. Step Four: Deliver Constructive Feedback on Agent Performance There are lots of factors that can affect an agent’s performance. As we 
all know, the contact center can be a stressful place. Agent stress can trigger customer stress, and customer stress can trigger agent stress. If you see an issue 
escalating on the floor, be sure to talk to your agents to help them recognize and diffuse their stress triggers. Next, be sure to design the performance 
conversations in advance and communicate with your agents about how they are assessed. Create an open dialogue established to understand what tools and 
continued training your agents require to perform at their best. Finally, deliver constructive and consistent feedback designed to improve agent performance and 
be clear about how you can support them and their growth aspirations. These steps can go far to ensure that agents earn your respect and trust and that they’re 
set up for continued success within your organization. The Agent Performance Feedback Conversation A flow chart showing the stages previously outlined in the 
content: State your purpose, describe observations, describe consequences, give them a chance to respond, offer suggestions, and summarize your support. 
Resources: International Customer Management Institute Four Effective Agent Hiring Strategies, Kevin Hegebarth, January 2015 Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/contact-center-transformation/bfaaacdd8eb49d0fdb2c7f295e1135fc_badge.png Contact 
Center Transformation 100% Progress: 100% View more modules Skip to main content Winter '23 Release Highlights See What’s New with Sales and Service 
Time Estimate About 10 mins Topics Learning Objectives Dynamic Forms Enhancements Sales Cadence Screen Flows Subscription Quotes Territory Planning 
Enhancements Forecasting Enhancements Broadcast Communication Amazon Connect Enhancements for Service Cloud Voice Enhanced Messaging for 
Facebook Messenger Preventive Maintenance Enhancements Article and Reply Recommendation Enhancements Enablement Challenge +50 points Get help with 
this badge Provide feedback for this badge See What’s New with Sales and Service Learning Objectives After completing this unit, you’ll be able to: Explain how 
to deliver richer conversations on Facebook Messenger using structured content. Describe how to migrate the fields and sections from page layouts as 
individual components. Define new sales cadence steps using screen flow technology. Explain how to seamlessly broadcast status updates across digital 
channels. Dynamic Forms Enhancements Dynamic forms are now available for three core objects: Accounts (both Business and Person), Contacts, and 
Opportunities. With dynamic forms, you can migrate the fields and sections from your page layouts as individual components. Then configure them like other 
components on the page, to display only the fields and sections that users need. Using Dynamic Forms for Opportunities Learn more about Dynamic Forms 
enhancements. Sales Cadence Screen Flows Now you can define new steps using screen flow technology. Cadence creators can add admin-enabled advanced 
flows to sales cadence steps. Adding a cadence flow in Cadence Builder Learn more about Sales Cadence Screen Flows. Subscription Quotes Quote, price, and 
close B2B deals on subscription-based products and services using Subscription Quotes. This feature gives businesses the flexibility to discount, approve, and 
share PDFs for signature, making it that much easier to close subscription deals. A subscription quote Learn more about Subscription Quotes. Territory Planning 
Enhancements Easily create territories based on criteria beyond geography. Cut and carve territories by fields such as Industry or Number of Employees, 
defining the rules in-app to streamline the territory planning process. Import from and publish field-based rules to Enterprise Territory Management for ongoing 
maintenance. Defining rule criteria in Territory Planning Learn more about Territory Planning enhancements. Forecasting Enhancements Winter ’23 
enhancements let you further tailor your forecasts to meet your business needs. Use custom-calculated columns such as commit coverage or best case to 
commit ratios, or filter on custom data types like annual contract value (ACV). The Commit Coverage column in an Opportunity Revenue forecast Learn more 
about Forecasting enhancements. Broadcast Communication Proactively update customers and internal stakeholders about an incident by seamlessly 
broadcasting status updates across digital channels like email and self-service sites. Learn more about Broadcast Communication. Amazon Connect 
Enhancements for Service Cloud Voice Service Cloud Voice with Amazon Connect now includes Amazon Connect outbound campaigns. This means you can 
contact hundreds to millions of customers daily with outbound, predictive dialing. The Omni-Channel screen in Service Console Learn more about Amazon 
Connect enhancements for Service Cloud Voice. Enhanced Messaging for Facebook Messenger Deliver richer conversations on Facebook Messenger with 
structured content (including carousels, time pickers) while unlocking more automation. Now you can set up routing rules to send a conversation to a bot or 
agent using Omni-Channel Flow. Preventive Maintenance Enhancements Create preventive maintenance plans for assets based on usage so your customers 
never miss a beat. The next maintenance can either be determined by a fixed cadence or, with the floating work order feature enabled, automatically adjusted 
based on usage since the last completed maintenance. Article and Reply Recommendation Enhancements Get insights into your article/reply recommendations 
model with a comprehensive dashboard. Use these views to identify Einstein’s strengths, quantify your productivity gains, and spot areas for improvement. 
Learn more about Article and Reply Recommendation enhancements. Rights of ALBERT EINSTEIN are used with permission of The Hebrew University of 
Jerusalem. Represented exclusively by Greenlight. Enablement Tie enablement to business outcomes and get more sellers to quota, faster. With the all-new 
Salesforce Enablement, you can personalize enablement at scale and deliver coaching in the flow of work for predictable, repeatable revenue results. Learn more 
about Enablement. Quiz Complete! +50 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/winter-23-release- 
highlights/e3caaa2cb936fbf7b83016d0272cc3c5_badge.png Winter '23 Release Highlights 100% Progress: 100% View more modules Skip to main content Winter 
‘23 Release Highlights See What’s New with Marketing, Commerce, and Loyalty Time Estimate About 25 mins Topics Learning Objectives External Actions Push 
Enhancements Ecommerce Marketing Insights CDP Connector for Google Cloud Storage TikTok Integration for Commerce Store Fulfillment B2B Commerce and 
B2B2C Enhancements Payments Enhancements Order Management Enhancements Member Engagement Widgets Loyalty Member Badges Loyalty Journeys for 
Marketing Cloud Engagement Loyalty Management for Media Loyalty Promotions Setup Enhancements Challenge +25 points Get help with this badge Provide 
feedback for this badge See What’s New with Marketing, Commerce, and Loyalty Learning Objectives After completing this unit, you'll be able to: Describe how 
to increase community loyalty with Member Badges. Explain how to launch and implement a loyalty program using Loyalty Journeys and customizations. 
Describe how to automatically connect ecommerce and marketing data to generate insights and drive commerce outcomes. Explain how to reach customers 
with more relevant messages on preferred channels. Describe how to reach new audiences on TikTok through a rich, in-app experience. Explain how store 
associates can efficiently pick, pack, and ship incoming orders placed online. External Actions Streamline your marketing tech stack and use all your 
engagement channels with External Actions in Engagement Studio. This lets you build external actions for third-party apps—such as registering prospects for 
webinars. Push Enhancements Use simple, RESTful APIs for consistent cross-channel implementation and real-time message delivery for transactional and 
promotional messages. Ecommerce Marketing Insights Automatically connect ecommerce and marketing data and generate out-of-the-box insights to drive 
commerce outcomes. With this app, marketers get a view of how their marketing campaigns drove ecommerce revenue (considering sales, returns, 
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cancellations). They can analyze all ecommerce performance—at any granularity, from any platform over time—while tying it back to various marketing tactics. 
This helps marketers optimize, drive target product revenue, increase halo product sales, and ultimately improve customer experience and loyalty over time. 
CDP Connector for Google Cloud Storage Reduce integration and maintenance costs by leveraging a prebuilt connection to bring data from Google Cloud 
Storage into CDP. Use cloud storage attributes to enrich customer profiles and drive segmentation and personalization. New Google Connector Configuration 


setup screen TikTok Integration for Commerce Reach new audiences and make social commerce easy with dynamic video/collection ads and automated smart 
product feeds through a rich in-app experience. Merchants can now easily add and launch TikTok as a new sales channel within Salesforce Commerce Cloud and 
get their products published quickly on TikTok via catalog-focused advertising solutions. Store Fulfillment Pick, pack, and ship incoming orders placed online. 
Empower store associates to handle ship-from-store and BOPIS (buy online and pick up in store) orders efficiently. B2B Commerce and B2B2C Enhancements 
Enable recurring revenue for B2B and B2B2C with Subscription Management’s pre-built integration from Revenue Cloud to Commerce Cloud. Launch a direct-to- 
consumer (D2C) channel in new markets, now with support local for tax tables and multiple languages for a single D2C site. Lastly, enable shoppers to quickly 
search for products on B2B stores with SKU Search Enhancements and gain more insight into shopper intent with Semantic Search. Learn more about B2B 
Commerce and B2B2C Enhancements. Payments Enhancements Offer shoppers new payment methods with support for Afterpay, a buy now, pay later option; 
and Venmo, a popular online payment method. Deliver Reports and Dashboard capabilities with payments for Salesforce Order Management users. Learn more 
about Payments Enhancements. Order Management Enhancements Empower service agents to recommend and order products on behalf of customers for 
seamless and personalized shopping experiences. Use Tableau data to improve transparency across your inventory with analytics for predictive and actionable 
insights. Plus, ingest and process orders at a high scale. Learn more about Order Management Enhancements. Member Engagement Widgets Drive program 
engagement with interactive member widgets that you can embed in any external site. Out-of-the-box templates let you easily design and deploy widgets that 
display member points or enable users to enroll in programs or promotions, or customize your own. Learn more about Member Engagement Widgets. Loyalty 
Member Badges Build a stronger, more loyal community with Member Badges that can be displayed on a Member Profile and on external sites. Reward members 
with badges for specific activities and tie badges to "surprise and delight" bonus offers. Learn more about Loyalty Member Badges. Loyalty Journeys for 
Marketing Cloud Engagement Automate member incentives and engagement with new out-of-the-box Loyalty Journeys for Journey Builder. Quickly and easily 
deploy a journey when a member enrolls, is approaching a new tier, and more. Learn more about Loyalty Journeys for Marketing Cloud Engagement. Loyalty 
Management for Media Rapidly launch and implement a customized loyalty program for B2C media companies with out-of-the-box templates and processes and 
an industry-specific data model. Loyalty Console screen showing Benefit Types, Loyalty Promotions, Loyalty Program Members, and Transaction Journals 
Loyalty Promotions Setup Enhancements Easily create additional program rules for tier processing, benefits management, point transfers, and more. Creating a 
new rule for tier-based promotions Learn more about Loyalty Promotions Setup enhancements. Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/winter-23-release-highlights/e3caaa2cb936fbf7b83016d0272cc3c5_badge.png Winter '23 
Release Highlights 100% Progress: 100% View more modules Skip to main content Winter '23 Release Highlights See What’s New with Platform: Build, 
Automate, and Secure Time Estimate About 15 mins Topics Learning Objectives DevOps Center Sandboxes on Hyperforce: Quick Clone Salesforce Functions 
Enhancements External Services Enhancements Flow Builder Enhancements Flow Orchestration Enhancements AWS Partnership Enhancements Publish- 
Subscribe API Private Connect Enhancements Privacy Center: Preference Manager Security Center Enhancements Scoping Rules Enhancements Challenge +25 
points Get help with this badge Provide feedback for this badge See What’s New with Platform: Build, Automate, and Secure Learning Objectives After 
completing this unit, you’ll be able to: Describe how the DevOps Center provides an improved experience around change and release management. Explain how 
to use a visual dashboard to manage, monitor, and debug Salesforce Functions. Describe how to build integrations more seamlessly with External Services. 
Explain the advantages of Flow Automated Testing compared to manual testing. Explain how to access data managed by Amazon Athena stored within 
Salesforce. Describe how Preference Manager forms help you manage customer consent and communication preferences. Describe how Scoping Rules save a 
sales associate time. List the capabilities of the Publish-Subscribe API. DevOps Center DevOps Center provides an improved experience around change and 
release management that brings DevOps best practices to your development team, regardless of whether team members prefer clicks, code, or a bit of both. 
Sandboxes on Hyperforce: Quick Clone Quick Clone accelerates developer productivity by letting teams rapidly create replica Developer and Developer Pro 
sandboxes—so that they can reduce idle developer time, work in parallel, and build more-efficient continuous integration jobs. List of sandboxes in Setup with 
Clone option next to each Learn more about Sandboxes on Hyperforce: Quick Clone. Salesforce Functions Enhancements Help manage, monitor, and debug 
Salesforce Functions through a visual dashboard for developers. Learn more about Salesforce Functions enhancements. External Services Enhancements Build 
integrations more seamlessly with External Services, now with improved error read-outs when registering a schema. Configure your External Service screen 
Flow Builder Enhancements Is manual testing on every update too time-consuming? With the new Flow Automated Testing, you can now turn manual debug into 
automated tests and run every test scenario with a single click. Learn more about Flow Builder enhancements. Flow Orchestration Enhancements Now users are 
empowered to collaborate faster by completing tasks in Experience Cloud using Flow Orchestration'’s Work Guide. In addition, admins can empower other users 
to help spot bottlenecks and fast-track work using supervisor permissions. AWS Partnership Enhancements Our partnership with AWS makes it easier to build 
and launch applications, natively leverage AWS services, and securely connect data and workflows across Salesforce and AWS. Expanding on the partnership, 
we're adding Event Relays for AWS and Salesforce Connect Adaptor for Athena to the toolkit. Amazon Athena listed in an External Data Sources screen Learn 
more about AWS Partnership enhancements. Publish-Subscribe API The new API provides a single interface for publishing and subscribing to platform events, 
including change data capture and real-time event monitoring. The Pub/Sub API has better performance and game-changing features like real-time publish 
responses, subscription flow control, and 11 supported languages. Learn more about the Publish-Subscribe API. Private Connect Enhancements Route API 
traffic through a private, bidirectional connection between Salesforce data centers and Amazon Web Services to avoid the public internet. Now available in EMEA 
and APAC. Configure Your Connection step in the Create Inbound Connection setup Learn more about Private Connect enhancements. Privacy Center: 
Preference Manager Preference Manager is now available to help you manage customer consent and communication preferences. Build low/no code forms with 
filters for brand, data use purpose, and channel type. Drop your customized form into any web page and automatically update Salesforce records and objects. 
Manage Your Preferences page in Preference Builder Learn more about Privacy Center: Preference Manager. Security Center Enhancements Now you can see 
additional information about your connected tenants so you have a fuller picture of the details and information from these orgs. You can also use standard 
Salesforce reporting on all Security Center objects. Connected Tenants record page Learn more about Security Center enhancements. Scoping Rules 
Enhancements Scoping Rules help end-users focus on the records that are relevant to their job. In wealth management, for example, sales associates have 
access to far too many records since they support multiple financial advisors and teams. With Scoping Rules, the sales associate can choose a "scope," and 
limit the records they can see to increase productivity. Scoping rules are far more flexible than just wealth management, and can be used as a replacement for 
Divisions (Classic only) or other scenarios where users may need to focus on a specific brand, department, branch, or other grouping. Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/winter-23-release-highlights/e3caaa2cb936fbf7b83016d0272cc3c5_badge.png Winter '23 
Release Highlights 100% Progress: 100% View more modules Skip to main content 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/winter-23-release-highlights/e3caaa2cb936fbf7b83016d0272cc3c5_badge.png Module 
Winter '23 Release Highlights Explore Winter '23 product updates and new features, most of which are free. Products Sales Cloud +1,000 points Beginner Admin 
Completed 7/5/24 See What’s New with Sales and Service ~10 mins Completed See What’s New with Marketing, Commerce, and Loyalty ~25 mins Completed See 
What’s New with Analytics and MuleSoft ~15 mins Completed See What’s New with Platform: Build, Automate, and Secure ~15 mins Completed See What’s New 
with Slack and Related Apps ~15 mins Completed See What’s New with Financial Services and Health ~15 mins Completed See What’s New with Manufacturing 
and Public Sector ~10 mins Completed See What’s New with Communications, Media, and Energy & Utilities ~10 mins Completed See What’s New with Net Zero 
and Salesforce.org: NGO and Education ~10 mins Completed See What's New with Customer Success and Skilling & Enablement ~5 mins Completed 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/winter-23-release-highlights/e3caaa2cb936fbf7b83016d0272cc3c5_badge.png complete 
Completed 7/5/24 Skip to main content Development Lifecycle Management with Flosum Understand Platform Structure and Flow Time Estimate About 5 mins 
Topics Learning Objectives Flosum’s Platform Structure Flosum’s Development Flow Resources Challenge +25 points Get help with this badge Provide feedback 
for this badge Understand Platform Structure and Flow Learning Objectives After completing this unit, you’ll be able to: Describe key features of the Flosum 
platform structure. Identify the typical steps of the development flow within the Flosum platform. Note This module is sponsored by and produced in 
collaboration with Flosum, which owns, supports, and maintains the Flosum products, services, and features described here. Use of Flosum products, services, 
and features is governed by privacy policies and service agreements maintained by Flosum. Learn more about partner content on Trailhead. Flosum’s Platform 
Structure Salesforce admins and developers know that finding a tool that helps them manage changes across the entire development lifecycle is no easy task. 
Many DevSecOps (development, security, operations) tools are siloed, which makes visibility and collaboration between teams a real struggle. And still others 
are not suited for the unique needs of the Salesforce Platform. To deliver speedy, secure, and successful Salesforce releases, companies need a solution that 
streamlines processes, helps them quickly and easily identify and remedy code issues, keeps orgs in sync, and protects and preserves the integrity of customer 
data. Flosum is a complete, end-to-end solution for Salesforce DevSecOps that allows developers and operations teams to orchestrate changes throughout the 
development lifecycle. Because it’s built on Salesforce and uses the Salesforce interface, Flosum doesn’t need to access or move data elsewhere. The Flosum 
platform offers user-story management, built-in merge tools, version control, continuous deployments, static code analysis, regression-testing solutions, and 
more. Let’s explore Flosum’s structure through the elements of its navigation. Navigation Tab Functionality Home Tab Displays the Kanban board and 
SwimLanes, which let users track all stories, branches, and components; users can define and track promotion paths and manage all their work at the 
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organizational level. Orgs Tab Shows users the various orgs that are connected to Flosum, the high-level details of changes that have been made or deployed in 
each org, code coverage, the audit trail for each org, and more Comparison Tab Lets users compare different orgs to each other or compare an org to a branch 
or even to a repository or source Branches, Source, and Commits Tabs Give users access to the native version control functionality built entirely within Flosum, 
which they can use independently or integrate with other version control systems Peer Reviews Tab Allows users to merge the code of different branches and 


facilitate a peer code review Pipelines Tab Lets users define pipelines to automate and execute each step of the development process as code gets deployed 
upstream, or use pipelines for back promotions SwimLanes Tab Lets users view SwimLanes in the Kanban board Dashboard Tab Gives users the ability to view 
all of the reports, dashboards, and key performance indicator (KPI) metrics for the platform stored within Salesforce custom objects; users can use standard 
reporting or manipulate their reporting with another tool such as Salesforce CRM Analytics to reflect their business needs. Settings Tab Allows users to control 
all of the settings in the Flosum platform (system admins only) Flosum also helps teams connect all of their sandboxes, test orgs, and production environments 
to create a super-smooth development flow. Let’s get into it. Flosum’s Development Flow Ready to go with the flow? Here are the basic steps of development that 
the developer completes using the Flosum platform: Creates a branch. Commits components to the branch. Ties a user story to the branch. Makes a request for 
peer code review. Merges the various branches into a release branch. Uses Overwrite Protection to review and resolve any merge conflicts. Deploys the release 
branch to testing orgs and then to production. Commits their changes to the Flosum repository. The Flosum platform automatically deploys those changes to the 
production org and back-deploys to all sandboxes so that they remain in sync. Note This flow represents the “best practice” for development; keep in mind that 
the Flosum platform is flexible, so teams can use it in many ways and adapt it to their needs. Now that you’re familiar with the platform’s features and flow, it’s 
time to break down the first six development steps. Head on over to the next unit to prepare for deployment. Resources AppExchange: Flosum Blog Post: 
Flosum: How Flosum Takes The Stress Out Of Salesforce Deployments Blog Post: Flosum: Keys to Improve Salesforce DevOps Efficiency Quiz Complete! +25 
points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/development-lifecycle-management-with- 
flosum/50d2a00a1ad6a97101849a2adce4d418_badge.png Development Lifecycle Management with Flosum 100% Progress: 100% View more modules Skip to 
main content Development Lifecycle Management with Flosum Prepare for Deployment Time Estimate About 5 mins Topics Learning Objectives Creating a 
Branch Committing Components and Tying a User Story to a Branch Making a Request for Peer Code Review Merging Branches Using Overwrite Protection 
Resources Challenge +25 points Get help with this badge Provide feedback for this badge Prepare for Deployment Learning Objectives After completing this unit, 
you'll be able to: Describe creating a branch. Summarize steps for committing components and tying a user story to a branch. List the benefits of making a 
request for peer code review. Explain merging branches. Identify how Overwrite Protection helps users detect and resolve code conflicts. Creating a Branch In 
Flosum, a branch is an independent line of development that allows developers and Salesforce administrators to work in parallel with other team members while 
keeping their changes separate from the rest of the team’s changes. A branch is a separate part of—but connected to—a developer’s repository. A repository can 
contain multiple branches, and these branches can be merged into the repository when necessary. Flosum supports many types of branches, including: Feature 
branches: A feature branch consists of a user story containing each of the features being developed for that user story. (One feature per feature branch is 
recommended.) Release branches: After the feature branches move through quality assurance (QA), they are merged into a release branch. A release branch will 
hold the various feature branches until they’re ready to be pushed to production. Committing Components and Tying a User Story to a Branch After a developer 
has created a branch and tied a user story to the branch, they can modify the components in a development sandbox and add those components to a particular 
branch. Flosum automatically detects the components that have been changed in the development sandbox and shows the details of each component, when it 
was changed, who changed it, the component type, and the component’s name. Users have the option to filter and select components by type and to search 
components by name. (Flosum supports all component types that Salesforce supports, whether it’s metadata API or tooling API.) Note At this point in the flow, 
Flosum will run a code quality scan. Read more about this process here. Once a developer is assigned a user story, they can tie it to a branch in Flosum using 
Jira, ServiceNow, Azure DevOps, or another application lifecycle management (ALM) tool. For example, the user could search for a Jira ticket within the branch 
and append it to the branch. Making a Request for Peer Code Review When a developer submits a request, they’re asking that one or more of their team 
members complete a code review of a branch. Developers should ask for a code review before merging into shared branches, deploying to an org, or committing 
code to a repository. Making requests for peer code review: Increases communication among team members who are working on shared components. Informs 
team members about changes that have occurred. Results in higher quality deployments. Merging Branches The next step is merging the various user stories or 
branches that each developer is working on into a release branch. When a user merges branches, Flosum will show the conflicts between both branches or user 
stories that the user is choosing to merge. The user is then able to resolve the conflicts. Using Overwrite Protection With the Overwrite Protection feature 
(formerly known as “Impact Analysis”), users can compare their deployments and their target orgs to detect and resolve code conflicts. The main purpose of this 
feature is to prevent any changes on the org from being overwritten unintentionally. Users can complete these predeployment operations efficiently through 
Flosum platform’s seamless integration with Salesforce. Now we’re ready to dive into deployment. You'll learn all about it in the next unit. Resources Blog Post: 
Flosum: How Flosum’s Overwrite Protection Takes the Pain Out of Merge Conflict Resolution Video: YouTube: Create a Branch Using Flosum Video: YouTube: 
Commit Changes to a Branch in Flosum Video: YouTube: Tie a Jira Ticket (User Story) to a Branch in Flosum Webpage: Flosum Success Portal: Static Code 
Analysis Video: YouTube: Peer Review in Flosum Video: YouTube: Merging Branches in Flosum Video: YouTube: Overwrite Protection in Flosum Quiz Complete! 
+25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/development-lifecycle-management-with- 
flosum/50d2a00a1ad6a97101849a2adce4d418_badge.png Development Lifecycle Management with Flosum 100% Progress: 100% View more modules Skip to 
main content Development Lifecycle Management with Flosum Deploy a Release Branch to Production Time Estimate About 5 mins Topics Learning Objectives 
Deploying a Release Branch Using Pipelines Tracking and Managing the Development Process Resources Challenge +50 points Get help with this badge Provide 
feedback for this badge Deploy a Release Branch to Production Learning Objectives After completing this unit, you’ll be able to: Describe deploying a release 
branch. Identify how pipelines automate development processes. Summarize how users track and manage the dev process with the Kanban board and 
SwimLanes. Deploying a Release Branch All deployments are done from the branch records within Flosum. A user can deploy a release branch in one of two 
ways: Manually: Users execute a standard deployment where they select the org and push the components out to the org. Via Pipelines: Users configure the 
steps ahead of time and execute them automatically. (We will discuss more about this later.) When a user attempts to execute a deployment, it shows the 
deployment history at the top of the Deploy tab. The Flosum Deploy tab There, users can see: The deployment name. The changes that have been made. 
Destructive changes (the removal of components from an org). Users also can view the metadata logs of deployment, including: How many components were 
successfully deployed. Which components passed. Which components failed. Under other tabs within Deploy, users can see the following information and more: 
Which Jira stories were deployed (Jira) Who approved them (Approval History) Which components were changed (Manifest) Note After a developer commits their 
changes to the Flosum repository, the Flosum platform automatically deploys those changes to the production org and back-deploys to all sandboxes so they 
remain in sync. Using Pipelines A pipeline allows a user to define and automate the exact series of steps they want executed in the development process. Users 
can automate four different actions: Validations Deployments Rollbacks Webhook calls Pipelines perform these actions in a series of steps, and include 
dependent steps based on whether the preceding action has passed or failed. Pipelines also let users select the tests they want to run (for example, specified 
tests, included tests, or all test options). Let’s look at an example. Suppose a user has a feature branch that has been approved and is going to use a pipeline to 
deploy into the integrated development environment (IDE). If the validation is successful, it will deploy to the QA org. If the deployment is successful, it will 
complete the regression testing on the QA org. If the regression testing is successful, it will take that particular branch and promote it to the production org. If a 
deployment fails at any point along the way, it does not proceed to the next step. Tracking and Managing the Development Process The Kanban board on the 
Flosum Home tab shows where each user story sits in the development process in real time. The Flosum Home tab Users can see how many components are in 
a branch, how many errors were found, and other details. Users also can select any time frame in the Branches Updated drop-down menu to view changes within 
that time frame. The SwimLanes tab lets users configure the order or their operations and processes. Flosum helps teams easily manage their DevSecOps 
lifecycle and Salesforce deployments from beginning to end. The result is high-quality, continuous releases that keep pace with the demands of the market 
without sacrificing the security of valuable customer data. Resources Webpage: Flosum: Flosum Certified Learning Video: YouTube: Create a Pipeline in Flosum 
Video: YouTube: Set Up a Kanban Board in Flosum Quiz Complete! +50 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/development-lifecycle-management-with- 
flosum/50d2a00a1ad6a97101849a2adce4d418_badge.png Development Lifecycle Management with Flosum 100% Progress: 100% View more modules Skip to 
main content Attendance and Benefit Tracking in Nonprofit Cloud for Programs Get to Know Enrollments and Deliveries Time Estimate About 15 mins Topics 
Learning Objectives Before You Start Increase Insights and Impact Understand Schedules and Ad Hoc Benefit Deliveries Want to Get Hands-on with Nonprofit 
Cloud? Enroll a Program Participant Resources Challenge +25 points Get help with this badge Provide feedback for this badge Get to Know Enrollments and 
Deliveries Learning Objectives After completing this unit, you’ll be able to: Describe how benefit schedule, benefit session, and benefit disbursement records 
work together to track your work. Enroll a participant in a program. Note Salesforce offers Salesforce for Nonprofits, which includes integrated platform 
solutions and managed packages. This module provides information about Nonprofit Cloud for Programs, a platform solution. For information about managed 
package products, see Manage Your Mission with Program Management Module in Trailhead. If you’re not sure which solution your organization uses, check with 
your Salesforce administrator. Before You Start Before you start this module, consider completing the following recommended content. Programs and Benefits 
in Nonprofit Cloud for Programs Increase Insights and Impact When you report on your mission, you likely report high-level totals: the number of people served 
by a program or the amount of a particular benefit you delivered in a year. As you know, those high-level numbers are made up of many small moments. Each 
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class your team leads, every one-on-one counseling session, every meal distributed—it all adds up. In this module, you learn about those individual events, 
which are recorded as benefit disbursement records in Nonprofit Cloud for Programs. A nonprofit distributes meals after a natural disaster Nonprofit Cloud for 
Programs is an integrated Salesforce platform solution to give you the insights, collaboration, and efficiency tools to increase your impact. It helps nonprofit 
organizations like yours define, plan, deliver, and track programs and the benefits they provide—then connect the dots to make real-time decisions about how to 
improve your work. In this unit, we start by discussing some of those dots: The objects and records you use to track your work. Understand Schedules and Ad 


Hoc Benefit Deliveries The highest-level data in Nonprofit Cloud for Programs are program records, which track the thematic areas of your work. Each program 
can have many related benefit records, which track what your nonprofit provides to participants and recipients. If you haven’t set up your programs and benefits, 
start with the Programs and Benefits in Nonprofit Cloud for Programs badge. To track a program participant’s eligibility for benefits—like 12 classes or 5 hours of 
counseling—you use benefit assignment records to account for your benefit disbursements. Then, when you provide those benefits, you track that activity with a 
benefit disbursement record. Benefit disbursements store information about a service, like when it was provided and how much was given. You can measure 
your benefit disbursements in time, money, goods, or some other criteria. You’ll likely create many, many benefit disbursement records. So, Nonprofit Cloud for 
Programs helps you create and manage benefit disbursements in two ways: by scheduling them in advance and by creating them as needed when they occur. 
You use benefit schedule records to create disbursements for planned sessions. A benefit schedule helps you create one or more benefit sessions, to which you 
can add participants, track attendance, and efficiently create benefit disbursement records. A schedule can be one-time, recurring on a regular schedule, or 
include many sessions scheduled irregularly. When you create a benefit schedule, a benefit session record is automatically created for every occurrence in the 
benefit schedule if it’s recurring. If you offer a benefit that doesn’t have planned participation—such as a walk-in service or disaster relief—you can create ad-hoc 
benefit disbursements as needed. You review all of these different scenarios in this module. Want to Get Hands-on with Nonprofit Cloud? In this module, we show 
you the steps to manage attendance and benefit disbursements in Nonprofit Cloud. We don’t have any hands-on challenges in this module, but if you want to 
practice and try out the steps, register for a free Nonprofit Cloud trial org with sample data. A regular Trailhead Playground doesn’t have Nonprofit Cloud or our 
sample data. Here’s how to get the free trial edition now. Sign up for a free 30-day Nonprofit Cloud trial org. Fill out the form. Click Submit. A confirmation 
message appears. When you receive the activation email (this might take a few minutes), open it and click Verify Account. Complete your registration by setting 
your password and challenge question. Tip: Save your username, password, and login URL in a secure place—such as a password manager—for easy access 
later. Your Nonprofit Cloud trial org is ready. Enroll a Program Participant First, you must know how to enroll a participant in a program. You track this 
relationship with the Program Enrollment object. Note If you work with individuals, you might call the people you serve clients, students, guests, or something 
more specific. You might also serve animals or other organizations. We use the term participant here to refer to anyone—or anything—enrolled in your programs 
and benefits. We use the term recipient for those people who receive a benefit but aren't enrolled, such as an anonymous recipient. Program enrollments can be 
related to either contact or account records by default. Your person accounts for individuals appear in list views and search as both contacts and accounts, and 
organizations appear as only accounts. See Stakeholder Management in Nonprofit Cloud in Trailhead for details about person accounts. In this badge, you follow 
along with Hunger No More International (HNMI), a nonprofit working to end hunger and promote healthy food options globally by providing access to nutritious 
meals, education, and resources. You complete the same steps as Luke Richardson, an HNMI program manager for the organization’s nutrition education work 
who ensures that program’s effectiveness. Luke starts by adding a participant to one of HNMI’s programs by creating a program enrollment record. This example 
follows the standard process—yours may be different depending on what’s required to enroll a participant in a particular program. Work with your admin to 
create a custom enrollment process to fit your needs. Find and select Program Management from the App Launcher 
(https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/attendance-and-benefit-tracking-in-nonprofit-cloud-for-programs/get-to-know- 
enrollments-and-deliveries/images/7f466b2024fe866364fcf6479295829a_kix.irhs15to6v1.jpg). Select the All Programs list view. Select the Nutrition Education 
program from the list view. Click Add Participants. In the flow, select Contacts to add person accounts to the program. You can also select a list view to further 
filter the results. https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/attendance-and-benefit-tracking-in-nonprofit-cloud-for-programs/get-to- 
know-enrollments-and-deliveries/images/45d3e0d12e4fdf0107da5ed704ba7810_kix.qhxa6vd4fg1.jpg Find and select participants from the list. You can add as 
many as 20 participants to a program at once. Select Alex Brown. Save your work. A program enrollment record for the Nutrition Education program If your 
organization wants to track a set of participants as they move through a program together—such as everyone who starts a program in a particular month—group 
their program enrollments using the Program Cohort object. See Manage Program Cohorts and Cohort Members in Salesforce Help for details. Now that you 
know about the objects you use and have enrolled a program participant, you can dive in to benefit disbursements and benefit schedules in the next unit. 
Resources Salesforce Website: Try Nonprofit Cloud free for 30 Days Trailhead: Stakeholder Management in Nonprofit Cloud Trailhead: Nonprofit Cloud for 
Programs: Quick Look Trailhead: Programs and Benefits in Nonprofit Cloud for Programs Salesforce Help: Benefit Schedules and Benefit Participants 
Salesforce Help: Attendance and Benefit Disbursement Tracking Salesforce Help: Manage Program Cohorts and Cohort Members Trailhead: Manage Your 
Mission with Program Management Module Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/attendance-and- 
benefit-tracking-in-nonprofit-cloud-for-programs/f1410a751e1772a78526e52253497ec1_badge.png Attendance and Benefit Tracking in Nonprofit Cloud for 
Programs 100% Progress: 100% View more modules Skip to main content https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/attendance- 
and-benefit-tracking-in-nonprofit-cloud-for-programs/f1410a751e1772a78526e52253497ec1_badge.png Module Attendance and Benefit Tracking in Nonprofit 
Cloud for Programs Create schedules, take attendance, and track benefit disbursements. Skills you will gain Complete the badge to build your expertise. Learn 
More Scheduling Business Operations Business Analysis Products Nonprofit Cloud +400 points Intermediate Business User Completed 7/6/24 Get to Know 
Enrollments and Deliveries ~15 mins Completed Create and Manage Schedules ~20 mins Completed Manage Schedule Participants and Attendance ~20 mins 
Completed Manage Ad Hoc Disbursements and Anonymous Recipients ~15 mins Completed 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/attendance-and-benefit-tracking-in-nonprofit-cloud-for- 
programs/f1410a751e1772a78526e52253497ec1_badge.png complete Completed 7/6/24 Available on the following trail Manage Programs with Nonprofit Cloud 
Skip to main content https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/aws-cloud- 
acquisition/b2293578f08d3edae7076e38feb53d78_badge.png Module AWS Cloud Acquisition Learn the strategies and services that enable successful AWS Cloud 
buying and adoption. Skills you will gain Complete the badge to build your expertise. Learn More Cloud Solutions IT Management Business Solutions Products 
General +400 points Intermediate Business User Completed 7/6/24 Build a Cloud Procurement Strategy ~10 mins Completed Use the AWS Cloud Adoption 
Framework ~5 mins Completed Migrate to AWS Cloud ~10 mins Completed Innovate with AWS Cloud ~5 mins Completed 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/aws-cloud-acquisition/b2293578f08d3edae7076e38feb53d78_badge.png complete 
Completed 7/6/24 Available on the following trail Learn the AWS Cloud Practitioner Essentials Skip to main content Einstein Generative Al: Quick Look Get 
Started with Einstein Generative Al Time Estimate About 5 mins Topics Learning Objectives Al in the Spotlight GPT’s Predictive Power A Future with Generative 
Al Resources Challenge +25 points Get help with this badge Provide feedback for this badge Get Started with Einstein Generative Al Learning Objectives After 
completing this unit, you’ll be able to: Describe the core capabilities of generative Al. Describe how Einstein incorporates the power of generative Al. Al in the 
Spotlight Over the past decade we've witnessed artificial intelligence (Al) steadily improve at doing things we once thought only humans could do. This has led us 
to imagine a futuristic world with Al, but one that's still years away. Or so we thought. In early 2023 ChatGPT burst onto the scene, showing the world that the 
future is already here. Suddenly, Al is responding to complex questions with equally complex answers that sound as if they were written by a human. And 
because ChatGPT was released for anyone to use, people experienced first-hand how well it could hold a natural-sounding conversation. It has surprised and 
delighted, and sparked our imaginations yet again. It’s also raised questions about what it means for the future of work. In this Quick Look badge, you learn about 
GPT and how it fits into the larger concept of generative Al. Then, you'll learn how Einstein is the world’s first generative Al for CRM. GPT’s Predictive Power 
Okay, let's get this out of the way: GPT stands for Generative Pre-trained Transformer, which means a lot to Al researchers but not so much to you and me. Let's 
just stick with GPT and focus on what it does. At a high level, GPT is an Al tool that has been trained to write like we humans do. All it needs is a starting point in 
the form of a question, request, or even just the beginning of a sentence. And then it continues the thread to create paragraphs of text that are similar to 
something a real person would write. ChatGPT is a version of GPT that has been fine-tuned to better understand the intention of our instructions, and respond 
accordingly. You can even tell it to write in a certain style, whether it's poetry, a programming language, or as a pirate. For example, let's see what happens when 
you ask it to summarize the moon landing in pirate-speak: "Ahoy there! Avast ye, matey! 'Tis a tale o' adventure on the high seas o' space! Back in the year o' our 
Lord nineteen hundred and sixty-nine, a band o' brave sailors from the land o' America set sail on a quest to reach the moon. They be Neil Armstrong, Buzz 
Aldrin, and Michael Collins, and they be on a mission from NASA to land on the moon and plant the stars and stripes flag." It continues from there, completing 
the tale in the same silly vernacular. So how does it generate such convincing text? OpenAl, the creators of GPT, used a ridiculous amount of computing power to 
train it. They had it read millions of web pages to learn what words are used near each other, and how they're used together. That made GPT really good at 
predicting the next word of a sentence by using context. So, imagine you're asked to fill in the blank: "In conversations, my partner and | finish each other's 

-" You're likely to choose the word "sentences," and so is GPT. But if you change the context a little: "In restaurants, my partner and | finish each other's 

-" There's a better chance you would fill the blank with "sandwiches." Same with GPT. GPT writes paragraphs that follow a thread by making an educated 
guess at each new word in a sentence. It's way better than your phone's predictive text, which if used in the same way only gives you bizarre sentences that make 
for funny internet memes. GPT's ability to write coherent text falls into a broader category of Al known as generative Al. This includes Al tools that can create 
things like images or audio. As computing power increases, and research continues, generative Al will get better at creating work that’s convincingly human- 
made. It probably won’t be long before generative Al is part of your everyday life. A Future with Generative Al The arrival of mainstream generative Al has raised 
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a lot of questions about the future of work. People wonder if they'll be replaced with Al. They're concerned about the ethical use of a tool that essentially 
impersonates humans. They’re skeptical about the quality of what generative Al produces. Obviously, Al must be handled with care. Salesforce knows it's critical 
to establish principles for the ethical use of Al technology. And for the last 6 years, we've had an Al ethics group developing these principles. So when we launch 
new Al technology, we can help our customers navigate these difficult waters to do the business of business smarter and fairer. Check out the resources section 
to learn more. Our latest Al technology brings the incredible power of generative Al to Einstein and the Salesforce Platform. Einstein is built right into Salesforce, 


so it can use your own data to custom-tailor everything it generates to your unique business. And since Einstein is available across the entire Einstein 1 platform, 
it's there to improve every customer experience. We also recognize that the world of generative Al includes more than just ChatGPT. So we've designed Einstein 
to allow connections to other language models, such as Anthropic's Claude. This lets you "bring your own model" thanks to APIs and an open ecosystem of 
generative Al partners. Einstein is here to empower your business with amazing generative Al capabilities, using your data and your models for your 
experiences. Resources Salesforce Research: Trusted Al Salesforce: How Salesforce Research Uses Generative Al as a Force for Good Salesforce Help: 
Einstein Generative Al Glossary of Terms Salesforce Help: Einstein Generative Al Blog: How to Accelerate Your Success in the Age of Al Quiz Complete! +25 
points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/einstein-gpt-quick-look/c86af9c0c6c73b36ca6eeaba0800b7da_badge.png Einstein 
Generative Al: Quick Look 100% Progress: 100% View more modules Skip to main content Salesforce Business Scenarios: Quick Look Deliver your Business 
Objectives https://trailhead.salesforce.com/assets/trials/starter-cta-ace781ebd06060cbd46e5eb3ff380208661f845844b0637a0dfcc1f5633cc56a.png Grow your 
business with Salesforce Starter Deepen customer relationships with sales, service, and marketing in one app. Time Estimate About 5 mins Topics Learning 
Objectives What Are Business Scenarios? What’s Included in a Business Scenario? How to Use a Business Scenario Resources Challenge +25 points Get help 
with this badge Provide feedback for this badge Deliver your Business Objectives Learning Objectives After completing this unit, you'll be able to: Describe what 
a Salesforce business scenario is. Explain the benefits of using a Salesforce business scenario. Identify what’s included in a Salesforce business scenario. What 
Are Business Scenarios? We are in the middle of the Fourth Industrial Revolution. Companies must adapt to this hyperconnected world and delight customers 
who are demanding more personalized experiences. But how do you get started? While Salesforce has incredible technology that can power these customer- 
centric experiences, it’s not always easy to figure out how to tie all of our solutions into your particular business needs. To help you get started on your digital 
transformation journey, we have bundled our best content into common use cases. Business scenarios describe tangible, real-world use cases and offer flexible 
options to help you bridge the gap between your organization’s current business capabilities and the solutions needed to achieve your goals. For each scenario, 
you discover a variety of Salesforce solutions to help you meet your business objectives, reduce time to value, and even let you plan out longer-term 
implementation roadmaps. Business scenarios also highlight the platform-agnostic business capabilities that an organization, business, department, or team 
needs to successfully execute these objectives. Understanding what business capabilities are needed to implement a scenario can help align cross-functional 
teams around areas for investment, better strategize around technology solutions, and even help expose growth opportunities for team members. What’s 
Included in a Business Scenario? We’ve created a set of solutions, spanning any number of products, that map to various business scenarios. These are 
presented at increasing levels of complexity and come from a variety of trusted sources including Trailhead, Help, and Solution Kits. Included are solutions that 
most closely relate to your organization’s objectives. Each solution considers maturity requirements in terms of people and process, as well as business 
capability recommendations and best practices For example, the Data-Driven Advertising Business Scenario outlines a business scenario that exceeds customer 
expectations by delivering personalized advertising across all of a customer’s devices in a secure, privacy-compliant manner. In order to understand your 
customer you need to start with data. Delve into your data to develop a deeper understanding of your target shoppers, reach new levels of personalization, and 
increase audience reach with secure, targeted campaigns. Each business scenario includes the following. Recommended products: Products that can help you 
deliver data-driven advertising. Curated solutionsfrom trusted sources, such as Trailhead and Help & Training documents. o Beginner solutions are typically out- 
of-box capabilities that enable quick time to value. o Intermediate solutions require integration and custom work. o Advanced solutions are typically complex use 
cases that require a lot of work. Business capabilities: Best practices to grow your maturity and develop considerations for the solution implementation. 
Resources: Additional resources or business scenarios that support implementing the solution. How to Use a Business Scenario The business scenario answers 
the “what” and helps an architect or line of business manager understand which business capabilities are recommended, which products they need to consider 
as part of the solutions, and a curated set of solutions designed to meet these needs. These business scenarios provide you with the best practices and guidance 
on selecting the right solutions and products for your organization. Follow these steps to get started using business scenarios. Review business capabilities 
required to achieve the business scenario. Assess the maturity levels of your organization’s business capabilities. Review the best practices with minimum 
maturity level to understand how your business can improve in each area of capability. Review products and solutions to achieve faster time to value and build a 
roadmap as you increase your maturity. Resources Trailhead: Transform the Consumer Experience Guide: Quick Look Trailhead: Salesforce Solution Kits: Quick 
Look Salesforce Help: Use Business Scenarios to Identify Solutions Quiz Complete! +25 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/salesforce-business-scenarios-quick- 
look/9723345daa742be590b6c0261ae3b662_badge.png Salesforce Business Scenarios: Quick Look 100% Progress: 100% View more modules Skip to main 
content Cybersecurity Risk Management Get to Know Cybersecurity Risk Management Time Estimate About 5 mins Topics Learning Objectives What Is 
Cybersecurity Risk Management? The Importance of Managing Cyber Risks Knowledge Check Resources Challenge +50 points Get help with this badge Provide 
feedback for this badge Get to Know Cybersecurity Risk Management Learning Objectives After completing this unit, you’ll be able to: Describe the goals of a 
cybersecurity risk management program. Explain the importance of managing cybersecurity risks. What Is Cybersecurity Risk Management? Your company just 
closed a deal to use a new cloud computing service. Whoopee! This new technology makes it easier to automate application development and bring new 
opportunities. But let’s pause for a moment. Have you considered the potential impact if the data processed by this new technology is compromised by an 
attacker? Have you thought about the risks? This is where cybersecurity risk management comes into play. Cybersecurity risk management is the process of 
managing risks associated with digital business assets. It involves identifying, assessing, and mitigating risks to protect the confidentiality, integrity, and 
availability of an organization’s assets. As a cybersecurity risk manager you strive to improve visibility into risks at the enterprise, business unit, and system- 
level, in order to strengthen an organization’s cyber resilience. Cyber resilience refers to an organization’s ability to prevent, detect, respond, and recover from 
cyber threats. In a world of constant change, new cyber risks and threats arise daily. You enable their organization to respond to events in a timely way, in order 
to minimize business disruption and financial losses. Suffice to say, it’s a pretty important role! So, going back to our example at the beginning, how do you, as a 
cyber risk manager, identify the risks of using the new cloud computing service? To begin with, you need to consider the likelihood that known threats exploit 
vulnerabilities. For example, is there sensitive customer data stored in the cloud that an attacker would be interested in stealing? Are there known vulnerabilities 
in the applications running in the cloud that would allow an attacker to access the information? What is the potential financial, operational, and reputational 
impact on your company if such a breach occurs? How likely is it that this scenario actually happens? These are the types of questions a risk manager thinks 
about every day. Note A vulnerability is defined as the state of being exposed to the possibility of attack. In cybersecurity this can be a flaw in an application’s 
code that lets an attacker change the behavior of the application and steal sensitive information. Once the risk of a certain program, system, or technology is 
identified, the organization takes actions to protect itself from the risk. Imagine you are buying health insurance. When you have health insurance, you do not 
have to worry as much about the cost of your healthcare bills. If you have an accident, you know you can get good quality care and recover quickly. When you 
choose your insurance plan, you carefully consider the benefits and costs of each plan in order to decide on the one that best suits your healthcare needs. In the 
same way, as a cybersecurity risk manager, you compare the costs and benefits of mitigating cyber risk by implementing protections, and advising the 
organization to implement the best action plan. Image of a person comparing two healthcare plans surrounded by tools for managing risk, such as a calculator, 
money, stethoscope, thermometer, pills, and a prescription. Just like purchasing insurance reduces the risk associated with accidents, managing cyber risk 
“buys down” the potential impact if data is compromised by an attacker. Although it’s impossible to fully eliminate all risk, managing cyber risk minimizes the 
likelihood that an attacker can exploit a vulnerability. If an attacker is successful in breaching a system, risk management can still minimize business disruption 
and financial losses, so the organization can get back to business faster. The Importance of Managing Cyber Risks As your organization acquires new technology 
assets and becomes ever more connected, the threats to your customer’s and your business’ data expand as well. It’s time to put a plan in place to deliver the 
right amount of cyber protections, so your customers know that they can trust your organization to secure their information. Managing cyber risks means 
making conscious decisions about securing sensitive information. As a cyber risk manager, you work to make risk identification and evaluation easier, so 
everyone, from your boss to your customers, understands the organization’s tolerance for risk, and the actions and associated costs necessary to manage it. 
Although managing cybersecurity risk can’t ensure that you always make the correct decisions, it does ensure that everyone understands who is responsible for 
managing a given risk to acceptable levels. Every organization is unique when it comes to risk and how much it’s willing to take on. But managing cyber risks is 
an activity that is important for small and large organizations, around the world in every industry, from finance to healthcare to government to energy. Smaller 
companies may outsource risk management functions to a third party. You may be in charge of working with one of these vendors. Or you may even work for a 
company that sells cybersecurity risk management services. As a member of the cyber risk management team in a larger organization, you may need to work 
with many teams across the enterprise to holistically understand risk, including integrating with the Enterprise Risk Management Team. This team manages the 
organization’s financial, operational, legal, and other risks, in addition to cybersecurity risks at a strategic, enterprise level. Knowledge Check Ready to review 
what you’ve learned? The knowledge check below isn’t scored—it’s just an easy way to quiz yourself. To get started, drag the description in the left column next 
to the matching category on the right. When you finish matching all the items, click Submit to check your work. To start over, click Restart. Great work! 
Remember, no matter what type of organization you work for, the key is to find the right balance between rewards and risk tolerance. In the next unit, you learn 
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more about your responsibilities as a cybersecurity risk manager in balancing risk, and the skills that help you succeed in the role. Resources Trailhead: Cyber 
Resilience Program Development External Site: ISO/IEC 27005: 2022 Information Security, cybersecurity and privacy protection External Site: World Economic 
Forum: Why Cyberrisk Should Take Centre Stage in Financial Services External Site: National Institute of Standards and Technology Risk Management 
Framework for Information Systems and Organizations External Site: GitHub: Awesome-security-GRC Quiz Complete! +50 points 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/being-a-cybersecurity-risk-manager/a7a0b4d129db8bad78fb1e6a7a88772b_badge.png 


Cybersecurity Risk Management 100% Progress: 100% View more modules Skip to main content Cybersecurity Risk Management Learn the Skills of a 
Cybersecurity Risk Manager Time Estimate About 10 mins Topics Learning Objectives Cybersecurity Risk Manager Responsibilities Cybersecurity Risk Manager 
Skills Knowledge Check Sum It Up Resources Challenge +50 points Get help with this badge Provide feedback for this badge Learn the Skills of a Cybersecurity 
Risk Manager Learning Objectives After completing this unit, you’ll be able to: Describe the responsibilities of a cybersecurity risk manager. List key skills of a 
cybersecurity risk manager. Cybersecurity Risk Manager Responsibilities Are you a great analyzer, influencer, and problem solver? Do you enjoy understanding 
threats and analyzing data to better understand risk? Do you like to come up with action-oriented improvement plans? If so, managing cybersecurity risks can be 
the perfect job for you! Let’s meet David. He is a cybersecurity risk manager at a cybersecurity services company. David identifies and analyzes risks facing the 
organization and its systems, and then he prioritizes the most likely and impactful cybersecurity risks. He understands threats and challenges facing the 
organization, and gathers and uses data to assess risks to the business. His goal is to enable business system owners, executives, and other stakeholders to 
make risk-informed decisions to manage risks at an acceptable level. David has a challenging but pivotal role. It’s his job to try to mitigate risks by working with 
key stakeholders and leadership to lessen the likelihood and impact of a given risk. In doing so, David has to balance risks and rewards, much like someone 
carefully balances while walking across a tightrope. His company faces many threats to its valuable systems and data, such as denial of service attacks from 
malicious actors who want to overwhelm his servers so that his customers cannot access them. He also has a limited amount of financial, staff, and 
technological resources to address the risks posed by these threats. Once he has worked with partners to identify the most likely and highly impactful risks, it’s 
his job to help the organization prioritize risks in a logical way. A person balances on a tightrope using a pole with a scale holding a shield on one end, and a 
vulnerability bug on the other. David likes understanding how all the pieces of the risk puzzle in his organization fit together. He researches frameworks 
applicable to his given industry and uses them to assess the current protections and provide opportunities for improvements, in order to manage risks to an 
acceptable level. He also works with teams across the business to help them improve their risk posture. He makes sure each part of the organization 
understands its role in managing risk. Once he and his partners have assessed their risk and current protections, he advises system owners on the 
implementation of technical controls to help mitigate risk, and documents risk decisions for the organization. Note As a risk manager you are not responsible for 
implementing technical controls yourself, or for eliminating all risks facing the enterprise. Rather you work with system owners to prioritize high impact, likely 
risks for remediation and advise on mitigation strategies. David is like a detective who constantly searches for clues about the current risk posture of his 
company. Once mitigations have been put in place, he gathers data to help monitor the organization’s risk posture, and forms close relationships across the 
business to validate and assess the risk posture accurately. He has his finger on the pulse of the organization's risk posture at any given moment, and recognizes 
problems early. His work is never done, and he evolves his strategy for managing risk as the threat and technology landscapes evolve. Cybersecurity Risk 
Manager Skills So, like David, you’re ready to understand the threats against organizations and figure out how to thwart them in order to buy-down risk. What 
skills do you need to land your dream job? First, it helps to have a bachelor’s degree. Your degree doesn’t have to be in a specific area, but risk managers often 
have an educational background in computers, information science, engineering, systems analysis, information technology, cybersecurity, or even accounting. 
There are also certifications you can pursue to bolster your security skills, including the Certified Information Systems Security Professional (CISSP), Certified 
Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) certifications, to name a few. In terms of technical skills, as a 
cybersecurity risk manager you are a great analyzer, who understands cybersecurity and technology, systems management, and project management. You have 
skills in quantitative and qualitative data analysis, threat modeling, and scenario analysis. Risk modeling is another great skill to have, even if you’ve practiced it 
in another industry, such as finance. Technical skills help you as a risk manager understand and solve security problems, but you must also have business know- 
how. You use your influence and persuasion skills to advise on decisions with significant organizational impact. You are a great communicator who enjoys 
collaborating to get things done and advocate for security best practices. You like building trust and consensus across organizational teams, and you are both 
detail-oriented and think strategically to solve problems. Finally, as a cybersecurity risk manager, you have a passion for researching, analyzing, and applying 
different regulatory and policy frameworks to help your organization meet industry standards in an efficient manner. Some of the most common frameworks you 
should be familiar with are the General Data Protection Regulation (GDPR), National Institute of Standards and Technology (NIST) Cybersecurity Framework, and 
ISO/IEC 27001/2 Information Technology standards, although there are many more to learn about! Knowledge Check Ready to review what you’ve learned? The 
knowledge check below isn’t scored—it’s just an easy way to quiz yourself. To get started, arrange the list of items in the right-hand column in the correct 
sequence by dragging them from the left to the right in the order in which they should occur. When you finish ordering all the items, click Submit to check your 
work. To start over, click Restart. Sum It Up In this module, you’ve been introduced to the goals of managing cybersecurity risk, learned more about the 
importance of managing risk, and discovered the responsibilities and skills of a cybersecurity risk manager. In the next module, you learn how as a cybersecurity 
risk manager you identify risks and protect the organization. You also learn how you work across teams to detect risks and respond and recover from incidents. 
To learn more about cybersecurity and meet practitioners in the field, visit the Cybersecurity Learning Hub. Resources Trailhead: Explore the NIST Cybersecurity 
Framework Trailhead: The Center for Internet Security’s Risk Assessment Method External Site: SANS 20 Coolest Cyber Security Jobs Quiz Complete! +50 
points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/being-a-cybersecurity-risk- 
manager/a7a0b4d129db8bad78fb1e6a7a88772b_badge.png Cybersecurity Risk Management 100% Progress: 100% View more modules Skip to main content Web 
Application Firewalls Explore Web Application Firewall Security Time Estimate About 10 mins Topics Learning Objectives Before You Start What Is WAF 
Security? Why WAFs Are Critical for Organizations What Types of Threats Do WAFs Prevent? Sum It Up Resources Challenge +50 points Get help with this 
badge Provide feedback for this badge Explore Web Application Firewall Security Learning Objectives After completing this unit, you’ll be able to: Define web 
application firewall (WAF) security. Describe why WAFs are critical for organizations. Explain the types of risks WAFs prevent. Note This module was produced in 
collaboration with Fortinet. Learn more about partner content on Trailhead. Before You Start If you completed Get Started with Application Security, then you 
already know how to protect networks and prevent network attacks. Now let’s talk about how to use a web application firewall (WAF) to defend your application 
perimeter from malicious traffic. What Is WAF Security? According to Cloudflare, a WAF creates a shield between a web application and the internet; this shield 
can help mitigate many common attacks. It helps protect web applications by filtering and monitoring Hypertext Transfer Protocol (HTTP) traffic between a web 
application and the internet. Just as a tollbooth allows paying customers to drive across a toll road, and prevents nonpaying customers from accessing the 
roadway, network traffic must pass through a firewall, before it’s allowed to reach a server. WAFs use adaptable policies to defend against vulnerabilities in a web 
application, allowing for easy policy modification, and faster response to new attack vectors. A toll booth on a highway allows paying cars through and blocks 
nonpaying cars. A WAF defends applications from malicious traffic. While other security solutions, such as traditional firewalls, mostly work based on ports and 
protocols, a WAF has to understand and examine the application layer traffic. A WAF typically protects web applications from attacks such as: Cross-site request 
forgery (CSRF): Also known as Sea Surf or Session Riding, this is an attack vector that tricks a web browser into executing unwanted actions in applications 
logged into by the user. This attack can result in unauthorized fund transfers, changed passwords, and data theft. Cross-site scripting (XSS): An attack that tricks 
a web browser into running malicious code. That malicious code can be inserted in several ways. Often, it is either added to the end of a Uniform Resource 
Locator (URL) or posted directly onto a page that displays user-generated content. File inclusion: An attack technique in which hackers trick a web application 
into running or exposing files on a server. If this occurs, sensitive information could be exposed and in some cases lead to XSS and other damaging attacks. 
Structured Query Language (SQL) injection: An attack that surfaces as a result of malicious code being plugged into an unsuspecting database. With this 
technique attackers can access information that was not intended to be seen by the public, such as private customer details or company data, which is highly 
detrimental toward a business’s interests. Distributed Denial of Service (DDoS): An attack that disrupts normal traffic of a targeted server, service or network by 
overwhelming the target or its surrounding infrastructure with a flood of internet traffic. It uses multiple compromised computer systems as sources of attack 
traffic. Exploited machines can include computers and other networked resources such as Internet of Things (loT) devices. A WAF operates through a set of rules 
often called policies. These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF comes in part 
from the speed and ease with which application security engineers can implement policy modification, allowing for faster response to the above attack types. In 
other words, a WAF is one of the tools responsible for securing business-critical web apps from the Open Web Application Security Project (OWASP) Top 10, 
zero-day threats, known or unknown application vulnerabilities, and an array of other web application layer attacks that can impact your organization. As 
organizations undergo new digital initiatives, their attack surface may expand as they enable new business. As a result, they often find that new web applications 
and application programming interfaces (APIs) become exposed to dangerous traffic due to web server vulnerabilities, a server plugin, or other issues exploited 
by threats that aim to disrupt organizations. WAFs help to keep these applications and the content they access secure. Why WAFs Are Critical for Organizations 
Organizations increasingly use web application technologies as part of digital innovation (Dl) efforts. As a result, organizations require a fundamental change in 
the way they conduct business using digital technology. DI means that you have more web applications touching more critical and sensitive data. Organizations 
that can protect their web applications can move faster, and can put new capabilities into the hands of their users more quickly, and more securely. For 
organizations to successfully implement DI efforts, they need to do more than simply deploy technologies. They also need to focus on the needs of customers, 
and be willing to embrace rapid change, including rapid adoption and technology deployment options to meet the needs of customers. Organizations can use 
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public cloud and Software-as-a-Service (SaaS) solutions to accelerate their businesses, but they must protect them with strict security rules. As organizations 
rapidly adopt these technologies, the speed of business operations also increases, and web application security flaws arise, leaving web applications at risk from 
threats hiding in internet traffic. As customers increasingly access business applications using unknown bring your own devices (BYOD) on networks that are 
not controlled with virtual private network (VPN) access, organizations should recognize the risks. Even network firewalls can be vulnerable. Traditional 
perimeter application security tools are not adequate for protecting internet-facing applications from OWASP Top 10 dangers and other application vulnerabilities 


found in network traffic. Organizations need a new set of rules and tools to defend business-critical applications— WAF is a solution that protects these 
applications and data. What Types of Threats Do WAFs Prevent? Modern web applications require a comprehensive WAF to protect important applications 
against multiple types of web attacks and other threats lurking in network traffic. The OWASP Top 10 “represents a broad consensus about the most critical 
application security threats to web applications.” Attackers often leverage these threats to target critical network appliances. The OWASP Top 10 includes: Top 10 
Web Application Security Risks Description 1. Broken access control When user access and restrictions are not enforced, unauthorized users can potentially 
access confidential files. 2. Cryptographic failures Since many web applications and APIs lack data security, attackers can exploit sensitive financial, healthcare, 
and personal information. 3. Injection When untrusted data is sent to an interpreter, an attacker can inject malicious code. What’s more, when an application 
includes untrusted data without validation, cross-site scripting (XSS) flaws occur that can be used to perform attacks. 4. Insecure Design Risks exist related to 
design flaws. These can be mitigated using threat modeling, secure design patterns and principles, and reference architectures. 5. Security misconfiguration 
Many legacy Extensible Markup Language (XML) processors evaluate extremal entities, which can be leveraged to disclose internal files. What’s more, default or 
ad-hoc configurations can lead to security misconfigurations that lead to vulnerabilities. 6. Vulnerable and outdated components Components often run with the 
same privileges as the application. If a vulnerability occurs, all components and applications can be compromised. 7. Identification and authentication failures If 
authentication mechanisms are not implemented properly, attackers can expose these vulnerabilities 8. Software and data integrity failures These failures can 
lead to remote code execution which can be used to perform attacks. 9. Security logging and monitoring failures Logging and monitoring that does not integrate 
with an incident response technology creates insufficient protection processes. 10. Server-Side Request Forgery (SSRF) Allows an attacker to induce the server- 
side application to make requests to an unintended location. This can result in unauthorized actions or access to data within an organization, either in the 
vulnerable application itself or on other back-end systems that the application can communicate with. However, taking the OWASP Top 10 into consideration is 
just the beginning. OWASP describes the Top 10 as a list of the most pervasive risks that organizations should consider. Modern WAF security must go further to 
address risks outside the scope of the OWASP Top 10, including the following. Risk Description Bots Bots are programs that interact with your applications and 
often mimic human interaction. Good bots may be allowed to interact with an application, and include: search engines, virtual assistants, and content 
aggregators (for example., price comparison sites). Bad bot activity can include: web scraping, competitive data mining, personal and financial data harvesting, 
account takeover and transaction fraud. Malicious uploads Many web applications allow users to upload their own content, which can include a variety of 
malicious code payloads. Unknown vulnerabilities Signature-based solutions cannot protect against newly discovered vulnerabilities. A robust WAF solution 
must be able to defend against threats for which no signatures exist. Zero-day attacks Zero-day attacks target previously unknown flaws in an application. When 
a threat actor discovers a zero-day vulnerability, they can use it to exploit systems that do not have additional defensive measures in place, such as a WAF. 
Distributed Denial of Service (DDoS) In a DDoS attack, attackers use a large number of systems, often a botnet of compromised computers, to overwhelm an 
application so that it cannot respond to legitimate user requests. Using DDoS attacks, attackers can attempt to simply overwhelm the system with traffic or may 
attempt to exploit a flaw in the application logic to achieve the same result. Sum It Up In this unit, you’ve learned about WAF security, and why WAFs are critical 
for organizations. You’ve also learned about the types of risks that WAFs minimize. Now let’s turn to discuss how WAFs deliver API protection. Resources 
Trailhead: Get Started with Application Security External Site: Cloudflare: What Is a WAF? External Site: Cloudflare: What is cross-site request forgery? Fortinet: 
What is WAF? Web Application Firewall Explained Quiz Complete! +50 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/web- 
application-firewalls/bf9b51c8450e87ecd6e8168b8ec2830c_badge.png Web Application Firewalls 100% Progress: 100% View more modules Skip to main content 
Web Application Firewalls Learn How Web Application Firewalls Protect APIs Time Estimate About 5 mins Topics Learning Objectives How WAFs Deliver API 
Protection WAFs for Compliance Advanced Capabilities of Web Application Firewalls Choosing a WAF Product Knowledge Check Sum It Up Resources 
Challenge +25 points Get help with this badge Provide feedback for this badge Learn How Web Application Firewalls Protect APIs Learning Objectives After 
completing this unit, you’ll be able to: Identify how web application firewalls (WAFs) deliver application programming interface (API) protection. List how WAFs 
help organizations meet compliance rules. Define how advanced WAF capabilities can help your organization protect data from modern threats. Describe how to 
choose a WAF product. How WAFs Deliver API Protection The days of basic websites serving up simple Hypertext Markup Language (HTML) pages have passed. 
Traffic has become more sophisticated. Web applications today deliver mission-critical services using APIs that provide richer, more responsive experiences by 
letting the client process raw data instead of just rendering simple HTML. These API tools also support the mobile applications that users in the community need 
to access. When the client has access to a large amount of application data, the impact of an attacker exploiting the API's rules when a WAF isn't in place can be 
significant. These tools require a WAF to ensure they are protected from OWASP Top 10 threats. WAFs can protect against file inclusion vulnerabilities and 
others seeking to take advantage of internet traffic, a server plugin, or other vulnerabilities. Note Not all WAFs have API security capabilities. The addition of API 
capabilities is how WAFs evolve to web application and API protection (WAAP). A traditional web application makes a get request to a server, and the browser 
renders HTML. API-based applications rely on more powerful clients to process raw data. WAFs for Compliance Making the data that web applications rely on 
available to the application often comes with compliance obligations. WAFs help organizations meet compliance rules as well. Regardless of your service 
provider, compliance needs to be your primary priority. Payment Card Industry Data Security Standard (PCI DSS), for example, defines a set of application 
security standards that organizations handling credit cards must comply with. PCI 6.6 specifically will often come up when discussing web application firewall 
technologies designed to keep traffic and assets secure. The standard requires inspection of traffic to web applications that interact with card data. To comply 
with the standard, organizations have two options. Web application code reviews (which can slow down deployments) Deploying WAFs between the client and 
the web application. In a world where organizations are expected to frequently and rapidly deploy code changes as they adopt software development and IT 
operations (DevOps) methodologies, a robust WAF will often be a better solution for meeting these types of compliance rules while protecting the organization 
from OWASP Top 10 threats. Advanced Capabilities of Web Application Firewalls Let’s take a look at some advanced WAF capabilities, such as machine learning, 
for delivering both accurate detection and reduced management overhead. Machine Learning Traditional web application learning techniques require manual 
tuning and are prone to false positives. Tuning applications every time there is a change and remediating false positives drives up administrative overhead for 
teams and others in the organization's community that may already be overburdened. WAFs can use machine learning to update their protection model 
automatically as the web application evolves. This means application security teams and others in the IT department spend less time manually tuning the web 
application firewalls according to traffic and creating exceptions based on false positives. Advanced Reporting WAFs can provide organizations full visibility into 
event details. They can generate attack logs that include the critical information that security operations center (SOC) analysts need, such as the Hypertext 
Transfer Protocol (HTTP) body information, and clear indications on why security rules require an application request to be blocked. Choosing a WAF Product In 
choosing a WAF product, organizations should look for one that includes the following capabilities. Backed by threat intelligence OWASP Top 10 protection API 
WAF management Bot mitigation DDoS protection File protection Information leak prevention Cross site request forgery (CSRF) protection Web socket security 
API security You should also consider the infrastructure used to deliver the WAF, whether it can be easily integrated with your sandbox and other security 
solutions, whether it includes a content delivery network (CDN), and whether its attack logs can be easily exported to your external Security Information and 
Event Management (SIEM) tool. Knowledge Check Ready to review what you’ve learned? The following knowledge check isn’t scored—it’s just an easy way to 
quiz yourself. To get started, drag the description in the left column next to the matching term on the right. When you finish matching all the items, click Submit to 
check your work. If you’d like to start over, click Reset. Sum It Up In this module, you’ve been introduced to WAFS, and learned why they are an effective security 
strategy for business success. You’ve also learned about advanced capabilities of WAFs, and the importance of having a WAF solution that also provides its own 
API for managing the WAF itself. You now have the knowledge you need to implement WAFs at your organization. Interested in learning more about 
cybersecurity roles and hearing from security professionals? Check out the Cybersecurity Career Path on Trailhead. Resources External Site: Fortinet: What Is 
WAF? Web Application Firewall Explained Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/web-application- 
firewalls/bf9b51c8450e87ecd6e8168b8ec2830c_badge.png Web Application Firewalls 100% Progress: 100% View more modules Skip to main content 
Cybersecurity Compliance Analysis Get to Know Cybersecurity Compliance Analysis Time Estimate About 5 mins Topics Learning Objectives What Is 
Cybersecurity Compliance? The Importance of Cybersecurity Compliance Cybersecurity Risk Management vs Compliance Sum It Up Resources Challenge +50 
points Get help with this badge Provide feedback for this badge Get to Know Cybersecurity Compliance Analysis Learning Objectives After completing this unit, 
you'll be able to: Describe the goals of cybersecurity compliance analysis. Explain the importance of cybersecurity compliance analysis. What Is Cybersecurity 
Compliance? Cybersecurity trailblazers make security intrinsic to their business. There’s a rising and enormous cost associated with data breaches, a trend 
that’s driving the need for more robust cybersecurity strategies. According to a report by Accenture, in their annual survey among 4,744 global respondents 
around the current state of cybersecurity resilience, about one-third of all respondents say poor governance and compliance is a problem. To help protect 
businesses and consumers from these breaches, governments, regulators, and organizations put in place laws, regulations, standards, and policies that address 
issues of cybersecurity and data protection. If your business collects, stores, or uses sensitive information, then failure to comply with these mandates can have 
a profound impact on your business processes. A data breach can lead to a significant financial loss, market share value loss, as well as costs spent on 
compensating affected customers. In general, compliance is defined as following rules and meeting requirements. In cybersecurity, compliance means creating 
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and maintaining a program that establishes risk-based controls to protect the confidentiality, integrity, and availability (CIA) of information stored, processed, or 
transferred. These controls are used to demonstrate adherence to the applicable compliance requirements in order to establish the necessary level of security. 
Cybersecurity compliance analysis is the process of assessing whether the behavior of an information technology (IT) system or application conforms to the 
cybersecurity rules and regulations in force. Effective cybersecurity compliance analysis helps you prioritize compliance risks, maps compliance risks to the 
applicable parts of the organization that must help address them, and effectively allocates resources to mitigate compliance risks. This analysis can be 


performed either by an internal team or a third party. While a business may have compliance analysts focused on other types of rules and regulations—such as 
standard accounting principles, medical treatment protocols, or laws against criminal activity—cybersecurity compliance involves rules and regulations 
specifically pertaining to protecting sensitive data by securing IT systems. As a cybersecurity compliance analyst, your work helps to protect sensitive 
information, including: Personally identifiable information (Pll), such as first and last name, date of birth, and government-issued personal identification number 
(PIN). Protected health information (PHI), such as medical history, records of admissions, and prescription records. Financial data, such as credit card numbers, 
bank account numbers, and debit card PINs. Authenticators, including biometrics such as fingerprints, voice prints, and facial recognition data. Other sensitive 
data, such as IP addresses, email addresses, usernames, and passwords. Failing to adequately screen your and your suppliers’ security for protections of this 
data can increase the likelihood of data breaches, which can shut down operations, damage customer trust, and incur hefty regulatory penalties. For these 
reasons, your analysis of the security compliance of your organization's internal and external systems must be comprehensive, efficient, and scalable. A 
cybersecurity compliance analyst surrounded by a document labeled “PII” and secured with a padlock, as well as a magnifying glass examining a system 
diagram with a check mark The Importance of Cybersecurity Compliance Now that we know what cybersecurity compliance is, let’s talk about why it’s important. 
Cybersecurity compliance helps companies, governments, and other entities process sensitive data securely. It makes sense of existing and new laws, 
regulations, standards, and policies to help organizations ensure they follow cybersecurity rules or guidelines. Cyberattacks happen all the time, and the number 
and variety of attacks continues to grow, making efficient cybersecurity difficult for most organizations. With a drastic shortage in trained cybersecurity 
professionals, today’s environment has become increasingly challenging. As a cybersecurity compliance analyst, you play a crucial role in protecting your 
organization from the next attack. Cybersecurity Risk Management vs Compliance It’s important to note that, while similar, cybersecurity risk management and 
cybersecurity compliance are not necessarily the same thing. Compliance requirements often lag behind cybersecurity risk. Simply put, it’s not enough to just be 
compliant with the bare minimum regulatory requirements. Your organization should also understand its cybersecurity risk posture as a whole, and put in place 
policies and controls to respond to these risks. In doing so, you have a crucial role to play. You must work with the cybersecurity risk managers in your 
organization to ensure not only compliance with applicable regulations, policies, and frameworks but also that the organization is doing its best to create a 
security culture that extends beyond compliance. A key part of this is streamlining cybersecurity efforts to be both compliant and secure, without imposing 
multiple, competing requirements on the business. You do so by cutting across organizational silos, aggregating information, and working with cybersecurity 
risk managers to provide a 360-degree view of IT risk, compliance, policy management, and vendor security practices. This enables your organization to execute 
and manage an effective cyber resilience strategy that both addresses compliance concerns and ensures the organization is managing cyber risk holistically 
without increasing the reporting burden on your teams. Cybersecurity compliance touches every business that needs to collect, maintain, analyze, and protect 
some type of sensitive data. This makes cybersecurity compliance important, no matter what industry you work in. What’s more, organizations that perform 
internal audits and undergo third-party audits and assessments know it plays a critical role in helping their ongoing battle of managing cyber threats. These 
audits and assessments provide an independent review of existing and needed controls, and help the organization understand and address the diverse risks of 
the digital landscape. Meeting or exceeding regulatory compliance standards and requirements has benefits for organizations beyond protecting sensitive data 
as required by law. Implementing the appropriate safeguards and security measures to protect sensitive customer and employee information bolsters your 
company’s security posture. This, in turn, helps to protect intellectual property such as trade secrets, software code, product specifications, and other 
information that gives your company a competitive advantage. Sum It Up Now you understand more about cybersecurity compliance analysis. In the next unit, 
you learn more about the duties and qualifications of a cybersecurity compliance analyst, and discover the skills that help cybersecurity compliance analysts 
succeed. Resources External Site: Accenture: The state of cybersecurity resilience 2021 Trailhead: The Emerging Future of Cybersecurity External Site: Center 
for Internet Security (CIS): How to Build a Cybersecurity Compliance Plan (with Free CIS Resources) PDF: Fortinet: Why Compliance Is a Critical Part of a 
Cybersecurity Strategy Quiz Complete! +50 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/cybersecurity-compliance- 
analysis/d680700ae8917d8fe7d7e01a228ced58_badge.png Cybersecurity Compliance Analysis 100% Progress: 100% View more modules Skip to main content 
Cybersecurity Compliance Analysis Discover the Skills of a Cybersecurity Compliance Analyst Time Estimate About 10 mins Topics Learning Objectives A 
Cybersecurity Compliance Analyst Career Cybersecurity Compliance Analyst Skills Sum It Up Resources Challenge +25 points Get help with this badge Provide 
feedback for this badge Discover the Skills of a Cybersecurity Compliance Analyst Learning Objectives After completing this unit, you’ll be able to: Describe a 
cybersecurity compliance analyst career. List key skills relevant to the role of a cybersecurity compliance analyst. A Cybersecurity Compliance Analyst Career 
Let’s explore whether you'd be a good fit for the role of a compliance analyst by starting with some questions. Who are you? Are you driven to make businesses 
more secure? Are you passionate about process improvement? Do you thrive on developing innovative insights to solve complex challenges? If you answered 
yes to these questions, then cybersecurity compliance analysis may be a great fit for you. What do you like to do? The work of a compliance analyst involves 
conducting audits and assessments, and assisting with risk management reviews and third-party assessments. In this role, your goal is to ensure the 
confidentiality, integrity, and availability (CIA) of an organization’s data and systems. You also work with teams across the organization to identify and mitigate 
cybersecurity compliance risks, and manage reporting on cybersecurity compliance to both internal and external stakeholders. You document the organization's 
cybersecurity compliance posture in written reports, manage compliance efforts to meet both internal and external deadlines, and help prioritize the most critical 
compliance gaps to be addressed first. What type of organization do you want to work for? You might work for an advisory service firm, helping companies 
develop reports to demonstrate compliance with various laws, regulations, and standards. You may work in the healthcare industry, helping your organization 
protect patients’ protected health information (PHI) by assisting with compliance and documentation tasks. Or, you may work for the government, participating in 
the steps of the authorization process to ensure government systems are secure, and documenting security controls in approved templates and forms. Almost 
every industry that conducts digital business needs cybersecurity compliance analysts. When are you involved in an organization’s work? When in the audit and 
compliance lifecycle do you get involved? You have a role to play every step of the way—from helping put in place organizational policies that ensure your 
systems are compliant with applicable laws and regulations, to supporting internal and third-party audits, or inspections, of systems in production to ensure that 
cybersecurity standards are upheld. You also contribute to security designs during system development and help to maintain a compliant system once it’s been 
deployed. Being involved throughout the entire lifecycle of a system is key. For example, if you work at a merchant that accepts cardholder data, you may have 
verified during system development that your payment system satisfies the Payment Card Industry (PCI) Data Security Standard (DSS) requirements. But if the 
system is then improperly deployed, or deployed in a hosting environment with other violations, you have not achieved compliance. Maintaining system controls 
and preventing configuration creep entails putting in place processes and measures that can be tracked and checked in real time to keep from falling out of 
compliance. How are you successful in the role? How do you accomplish all of this? To give you a closer look, let’s meet Earl, a cybersecurity compliance 
analyst. He works at a government organization that specializes in protecting consumer financial interests by creating and enforcing consumer financial 
protection laws, including laws about how companies must implement cybersecurity protections to protect customer financial data. As a cybersecurity 
compliance analyst, Earl: Provides guidance to help financial companies understand and comply with cybersecurity rules and statutes related to customer 
financial data. Some of these resources include regulatory guidance, a map of money transmission laws, and guides for financial sector executives, for example. 
Conducts examinations of how companies comply with laws related to securing customer financial data. For example, under the Gramm-Leach-Bliley (GLB) Act 
and the Federal Trade Commission (FTC)’s Safeguards Rule, financial institutions must have measures in place to keep customer information such as names, 
phone numbers, and credit card account numbers secure. Earl may conduct examinations of these financial institutions to verify they have a written 
cybersecurity plan that describes their program to protect customer information. Leads deep dives into systems that accept, store, process and transmit 
cardholder data at merchants, banks, and credit card processors to evaluate their compliance with regulations to investigate security gaps. Evaluates how 
companies’ policies stack up to regulations by analyzing documentation, roles and responsibilities, and processes to ensure systems meet security 
requirements. Assesses management and technical controls to ensure specific security compliance requirements are met. Some of these requirements include 
building and maintaining a secure network and systems, protecting cardholder data, and maintaining a vulnerability management program, to name a few. 
Validates the maintenance of secure configurations for systems, such as those that accept, store, process, and transmit cardholder data. Shares key examination 
findings to help organizations limit security risks and comply with laws relating to securing customer financial data. Works in a consultative role to help 
organizations securely navigate an evolving information technology (IT) environment and stay compliant with applicable laws and regulations. Why should you 
consider this role? Why should you consider a cybersecurity compliance analyst career like Earl's? This is a fast-growing field in a crucial industry. As a 
cybersecurity compliance analyst, you work across the business, getting exposure to implementing and managing the various aspects of a security program— 
including perimeter defense, access control, encryption, and more. You also make a real impact in raising awareness of the potential for a data incident, and 
contributing to the organization’s compliance reporting. This role also has lots of room to learn and grow. Last but not least, you can earn competitive 
compensation. Sounds pretty great, right? Cybersecurity Compliance Analyst Skills Like Earl, you’re excited about helping organizations understand, implement, 
and comply with cybersecurity laws, regulations, standards, and policies. So, what education and skills do you need to pursue this career? Education It’s 
possible to find certain entry-level cybersecurity positions that require applicants to have a course of post-secondary study lasting 2 or 3 years. However, most 
Page 50/52 


MIP-349-24-0100-000 


jobs require a 4-year bachelor's degree in cybersecurity or a related field, such as IT or computer science, a science, technology, engineering, and mathematics 
(STEM) discipline, or business administration. Cybersecurity students sit at desks; above them is an image of a computer with a lock in the middle, and behind 
that is a globe with 1s and 0s. Experience Typically, employers look for candidates with anywhere from 2 to 8 years of experience analyzing the development of 
cybersecurity policies and strategies. Experience with risk analysis is also valuable. Cybersecurity compliance analysts also need experience briefing clients and 
team members on technical, policy, and functional issues. Certifications To help you skill up and get your foot in the door, pursuing a certification is a great idea. 


Here are some common certifications for cybersecurity compliance analysts (note that some certifications require a certain number of years of experience 
before they can be obtained). The Computing Technology Industry Association (CompTIA) A+ (Plus) Certification The International Information System Security 
Certification Consortium (ISC)? Certified Information Systems Security Professional (CISSP). Note that this certificate requires 5 years of experience to complete. 
If you do not have the requisite experience, you can become an Associate of (ISC)? in the meantime while you gain the required work experience. The Information 
Systems Audit and Control Association (ISACA) Certified Information Systems Auditor (CISA). Note that this certificate requires 5 years of experience, but there 
are some ways to bring that down based on other related work experience and education. The Global Information Assurance Certification (GIAC) Security 
Essentials (GSEC) Certification ISACA Certified in Risk and Information Systems Control (CRISC) Certification Knowledge As a cybersecurity compliance 
analyst, having a solid understanding of the basics—such as security frameworks, regulations, and standards—is key. You should have strong familiarity with 
security governance, compliance, and risk management frameworks such as the National Institute of Standards and Technology’s (NIST’s) Cybersecurity 
Framework, ISACA’s Control Objectives for Information Related Technology (COBIT) framework, and PCI DSS, to name a few. It’s also helpful to have knowledge 
of control assessment techniques, which include questionnaires, on-site visits, and penetration tests. Additional areas of expertise that are helpful, but not 
required, include data protection, access control, network and endpoint security, incident response and handling, vulnerability management, and firewalls. 
Business Skills In addition to these technical skills, it’s also critical to hone your business skills. A huge part of being successful as a cybersecurity compliance 
analyst is effectively communicating and documenting requirements and findings, analyzing security gaps, and thinking strategically. You should know how to 
consult with various stakeholders in an organization, as well as demonstrate exemplary leadership and organizational skills. You should enjoy working as part of 
a team, researching answers to questions and problems, and paying close attention to detail. Skills-first While traditional qualifications like education and 
certifications are important, cybersecurity is increasingly shifting toward a skills-first approach. This means employers are prioritizing demonstrated evidence of 
skills and abilities over formal credentials alone. To prepare for this changing landscape engage in team and independent projects that build proficiency in key 
skills. Document these projects in a portfolio of work (e.g., github, personal website) as tangible proof of your proficiency to send along with a resume and to 
showcase during interviews. Finally, during interviews, be prepared to demonstrate to employers that you possess the required skills they seek. Sum It Up In this 
module, you’ve been introduced to the goals of cybersecurity compliance analysis. You’ve learned more about the importance of cybersecurity compliance in 
thwarting cyberattacks and helping your organization follow laws, regulations, and policies to reduce security risk. You’ve also discovered the duties, skills, and 
qualifications of a cybersecurity compliance analyst. In the next module, Cybersecurity Compliance Analyst Responsibilities, you learn how to identify 
cybersecurity compliance gaps and manage cybersecurity compliance risks. You also learn how to detect changes in cybersecurity compliance posture and 
respond to and recover from cybersecurity compliance incidents and findings. Interested in learning more about cybersecurity roles and hearing from security 
professionals? Check out the Cybersecurity Learning Hub on Trailhead. Resources External Site: NIST: Getting Started with the NICE Framework Trailhead: 
Cybersecurity Certificates and Certifications Quiz Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/cybersecurity- 
compliance-analysis/d680700ae8917d8fe7d7e01a228ced58_badge.png Cybersecurity Compliance Analysis 100% Progress: 100% View more modulesSkip to 
main content Grantmaking: Quick Look Meet Grantmaking Time Estimate About 5 mins Topics Learning Objectives Goal: Grantmaking Greatness The Salesforce 
Framework for Managing Grants Grantmaking in Action Resources Challenge +25 points Get help with this badge Provide feedback for this badge Meet 
Grantmaking Learning Objectives After completing this unit, you’ll be able to: Explain the key features and tools in Grantmaking. Define some objects used to 
track information with Grantmaking. Describe examples of how to use Grantmaking at public sector and nonprofit organizations. Note Salesforce offers both 
integrated platform solutions and managed packages. This module covers Grantmaking, an integrated solution in Salesforce. For more information about Grants 
Management, a managed package product that’s different from Grantmaking, complete the Grants Management Basics module. If you’re unsure which solution 
your organization uses, check with your Salesforce administrator. Goal: Grantmaking Greatness If you work for a grantmaking organization, or a nonprofit that 
delivers funding, you’re in the business of progress. Sure, the way you achieve those outcomes is by processing applications and granting money to people and 
organizations working toward your shared goals—but you’re looking for results. You need a solution that delivers, manages, and tracks funding programs to 
create stronger outcomes. A system that minimizes your time spent on process and compliance is key to success. Meet Grantmaking, a Salesforce solution for 
foundations, nonprofits, government agencies, and other public sector organizations that provide funding for a specific purpose. It’s an end-to-end grantmaking 
solution that drives efficiency, creates positive experiences for grantees, and invests in better outcomes. Grantmaking helps you manage the entire grantmaking 
process. It extends your Salesforce instance to give you a unified view of your funding programs throughout the planning, delivery, and evaluation stages. Plus, a 
site template for Experience Cloud helps you create an online portal to communicate and collaborate with your grantees. Here’s an example home page based on 
the site template. The home page of a website for Mountain Rise Foundation. The home page presents the imaginary foundation's mission statement with options 
to access funding opportunities, the application process, awards, and more. In this Quick Look module, you gain an overview of Grantmaking and its features. 
The Salesforce Framework for Managing Grants Grantmaking adds to Salesforce’s relationship management tools with features designed to manage funding 
opportunities, set grant budgets, review grant applications, award grants, and manage disbursements on an ongoing basis. Let’s explore some objects that help 
you do that. Start by creating your funding programs in Salesforce using the Program object. Use the Budget object to define program spending. Budgets enable 
you to set and track grantmaking budgets for each of your programs, projects, or departments. For example, create budgets for the amount of money available to 
a program each year. Applicants can also submit project budgets when they apply, based on templates you configure. You manage available grant opportunities 
using the Funding Opportunity object. Funding opportunities can include descriptions of available grants, application instructions, and application start and end 
dates. You can display these opportunities through your Experience Cloud site, too. Funding opportunities can be related to application forms you create using 
the Action Plan Template, Individual Application Task, and Application Stage Definition objects, along with Omniscript, Flexcard, and Flow Builder. After an 
application is entered, you track it from start to finish with the Individual Application object. After an application is in the system, capture feedback from your 
team using the Application Review object. Standardize how your team works using built-in Salesforce automation tools and other features like action plans, 
document checklists, and approval processes. Then, manage your decisions using the Application Decision and Funding Award objects. Plus, track money sent 
to grantees using the Funding Disbursement object. Manage additional steps a grantee must take—like interim or annual reports—using the Funding Award 
Requirement object. Then track spending against the budget to neatly close the cycle. Grantmaking in Action By now you can imagine how Grantmaking fits into 
your organization’s grantmaking lifecycle. It helps to explore some examples, though. Let’s start by visiting the city of Cosville. Its small business administration 
focuses on boosting the municipality’s economy. However, it spends too much time on cumbersome administrative processes like collecting feedback and 
entering budget data. With Grantmaking and an Experience Cloud site, Cosville can track reviews in one place to speed up decision making and automate manual 
tasks. Then it can work with grantees to file their budget numbers directly into Salesforce through an Experience Cloud portal. The result: More time spent on 
outcomes, less on data entry and chasing down reviewers. Now imagine the Mountain Rise Foundation (MRF), a private foundation. It has a small-but-mighty 
team that wants to build better relationships with grantees. By using Grantmaking and an Experience Cloud site, the foundation streamlines communications 
with applicants and grantees at every step of the grantmaking lifecycle. Grantmaking has transformed the grantee experience and optimized program outcomes. 
Can you think of how Grantmaking could fit into your organization? Resources Salesforce Website: Public Sector Solutions Salesforce Help: Grantmaking 
Trailhead: The Grantmaking Lifecycle in Salesforce Trailhead: Grantmaking Site Template for Experience Cloud Trailhead: Grants Management Basics Quiz 
Complete! +25 points https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/grantmaking-quick- 
look/e91b4304eb1fb7641ab72ee72c6b05dd_badge.png Grantmaking: Quick Look 100% Progress: 100% View more modules Skip to main content 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/cybersecurity-compliance-and- 
regulation/f349b193978de64892584f011f77bd61_badge.png Module Cybersecurity Compliance and Regulation Discover the key players, rules, and challenges of 
compliance and regulation. Skills you will gain Complete the badge to build your expertise. Learn More Data Management Data Governance and Ethics 
Cybersecurity Products General +400 points Beginner Cybersecurity Completed 7/7/24 Learn Compliance and Regulatory Fundamentals ~10 mins Completed 
Meet the Role Players ~5 mins Completed Identify Compliance Trends ~10 mins Completed Learn How to Satisfy Guidelines ~5 mins Completed 
https://res.cloudinary.com/hy4kyit2a/f_auto,fl_lossy,q_70/learn/modules/cybersecurity-compliance-and- 
regulation/f349b193978de64892584f011f77bd61_badge.png complete Completed 7/7/24 On Fri, Jul 5, 2024 at 3:14PM tshingombe fiston wrote: Skip to main 
content Help My Cases My Cases Trailhead HELP Case History > engineerin assessmen police , electrical theory pratical business studie Case #01220406 Open 
Case #01220406 engineerin assessmen police , electrical theory pratical business studie Date Created Jul 05, 2024 Assigned to Trailhead Help Status Open Topic 
Trailhead Content Feedback Region Europe/Middle East/Africa Issue Type Unclear Wording Badge Name Prospect Tracking with Salesforce Leads: Quick Look 
Description enginnering business studie learning attach files The selected file type is not supported. Supported file types are jpg, png, jpeg, gif, img, and pdf. 
Skip to main content Prospect Tracking with Salesforce Leads: Quick Look Track Prospects with Salesforce Leads Grow your business with Salesforce Starter 
Deepen customer relationships with sales, service, and marketing in one app. Time Estimate About 5 mins Topics Learning Objectives The Leads Advantage 
Create a Lead Manage Lead Records Convert Leads to Opportunities Resources Challenge +50 points Get help with this badge Provide feedback for this badge 
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Track Prospects with Salesforce Leads Learning Objectives After completing this unit, you’ll be able to: Describe the benefits of using leads. Create leads. 
Manage lead records. Convert leads to opportunities. The Leads Advantage Every company is unique, but all companies want to find, sell to, and keep 
customers. Salesforce provides the tools you need to grow your pipeline and make more sales. A lead is one such tool. Leads help you track the people and 
companies that you define as prospective customers. With leads, you can better track, report on, and target marketing campaigns to prospects. Store your 
prospects as leads, and then once a lead becomes qualified, you can convert it to an account, contact, and, optionally, an opportunity. Leads are especially useful 


if your company has two separate teams—one that handles lead generation and mass marketing and one that handles sales. The lead generation team can 


concentrate their work on the Leads tab, and the opportunity team can use the Account, Contact, and Opportunity tabs. Ready to take advantage of the leads 
tool? Let’s walk through the steps for creating, managing, and converting leads into opportunities. Create a Lead The first step in selling is to find customers. 
Here’s how to create a lead to help you do just that. Click the Lead tab. Click New. Create a lead record for your potential customer by entering the lead's name, 
company, contact information, associated status, and other relevant information. Note: Wondering how to determine lead assignments? Some companies assign 
leads automatically, such as by assigning leads to owners based on the lead’s geographical location. Other companies initially assign all new leads to a queue. 
Your Salesforce administrator will set up a lead assignment process that works for your company. New Lead record Click Save. You can also add leads by 
importing a file into Salesforce or through an automatic process, such as a Web-to-Lead form that collects leads from your business website. Manage Lead 
Records As you work to qualify your leads—or turn them into opportunities—the lead’s record serves as your workspace. Use the workspace to track 
interactions with leads, check campaign history, and plan future activities. The lead’s status is an important indicator that helps you track where each lead is in 
your sales process. The traditional way to update a lead’s status is to click Edit while viewing the lead’s record, change the Lead Status, and click Save. If the lead 
is involved in any marketing campaigns, they are listed in the Campaign History for the lead. Review the lead’s Details tab to find and update information about 
the lead. Use the lead’s Activity tab to log your calls and emails to help you remember what you talked about and how the lead responded. Plan for the future by 
creating Tasks or Events. Connect with your coworkers to ask questions, seek advice, or provide information on the lead’s Chatter tab. The Chatter feed for the 
record also shows when you create activities. Convert Leads to Opportunities Qualifying a lead indicates that you believe the lead has a use for and interest in 
your products, and that a sale is a definite possibility. The exact criteria for qualifying and converting leads is part of your company’s unique business process. 
When you qualify a lead, you can convert the lead record into an opportunity. You then work your opportunity until you close the deal. Here’s how you convert 
your lead record into an opportunity. On the Leads tab, open your lead record. Click Convert. In the Account section, create an account from the Company name 
entered for the lead. If you’re converting a lead who works for an existing account, select the existing account instead. In the Contact section, create a contact 
from the name entered for the lead. If the contact exists, select the existing contact instead. In the Opportunity section, enter a descriptive name for the new 
opportunity so it’s easy to identify the potential deal. Check that the Record Owner and Converted Status are correct. Click Convert. Look at that! You’ve created 
a lead and qualified it as an opportunity. You’re on your way to closing more deals. Resources Trailhead: Create and Convert Leads as Potential Customers 
Salesforce Blog: Lead Generation in Salesforce Salesforce Blog: How to Grow Your Business with Lead Generation Quiz Complete! +50 points Prospect Tracking 
with Salesforce Leads: Quick Look 100% Progress: 100% View more modules On Wed, Jul 3, 2024 at 3:41 PM tshingombe fiston wrote: On Tue, Jul 2, 2024 at 
1:51 PM tshingombe fiston wrote: 2 Itter tshingombe self asseme Incident logged on 2024.docx 3formsubmission-request-ip-licence-mip-327-24-0100-000 sale 
force emet tshingombe.pdf 3letter explanation theoretical assessment learne application course topics textbook.docx 4formsubmission-request-ip-licence-mip- 
329-24-0100-000, assessment scotland,,theoretical pratical... asses worsale.pdf assess engi worksale.pdf assess engi worksale.pdf traffic.pdf assess engi 
worksale.pdf traffic.pdf 3.pdf assess engi worksale.pdf traffic.pdf 3.pdf4.pdf assess engi worksale.pdf traffic.pdf 3.pdf4.pdf5.pdf assess engi worksale.pdf 
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